Everything posted by Chamomile Shark

  1. Thanks, I've done all of this. The "how did I get infected" article was interesting. I wasn't aware lyric sites (which I use a lot) are a particular problem, but sure enough WOT showed that when I was looking for some lyrics last night. Many, many thanks for all your help, I think we are done.
  2. I did have a look at the McAfee forums - apparently it's not an available feature - something the McAfee employee who moderated the forum said they had been asking for for years. Frankly I only use McAfee because it came bundled with my ISP/broadband account. My partner uses Panda and when she comes to live here in a month I'm expecting to get a licence for that (it goes on up to 3 machines) - but I would be interested in hearing your recommendations for free antivirus/firewalls.
  3. I tried. McAfee ate it again. You were right, I checked the log and it basically quarantined the file as soon as the host programme pulled it in. It seems all other plugins by that programmer also got quarantined. So I found the restore, said "I want to restore". Started up the host again. Quarantined again. I can't see an option for it not to keep doing this. I'm thinking the problem is wider, it's actually the programme, called "SynthEdit", those plugins were written in, because I believe .sep is the file extension for plugins built in that programme. If so, I may lose other freeware because it's one of the main programmes used by the free/share/donationware fraternity. Is there a way of stopping McAfee doing this?
  4. It seems I cannot do that. Going to restore only finds one object quarantined years ago. Note that I had problems with the plugin before I ran McAfee; would it have quarantined the file before the scan? It's not a vital plugin, I think there wasn't even an installer, it is simply a .dll which I can remove. I've had a few other problems but I may be able to sort them - I'll see how it goes for the next day or so.
  5. Hi, I did think if I found the log I could post it, but it won't allow me to copy and paste. It's music production so it is a DAW (digital audio workstation). Cubase SX3 does all the recording and it acts as a host for plugins that act as instruments or effects. Everything here is kosher. The plugin baxxexpander is freeware but it is very well known and I've had it for about 5 years. The trojan was GenericPWS.y!cap; it was found in C:\prog\steinberg\cubase\vst plugins\production\baxxexpander\softdist.sep (I've shortened some of the names). I would think "softdist" is soft distortion - maybe a preset within Baxxexpander.
  6. Hi, I already had Java 6.20 and Adobe Reader 9.3 from your previous instruction - but I have uninstalled and reinstalled anyway. I'm still having problems. I had an issue with my music yesterday and got error messages regarding one of the plugin's .sep files. I ran McAfee overnight and it found a trojan at the same location. Also, previous to this infection I had a problem with one of those antivirus programmes - that's how I originally came to find Malwarebytes - and since then McAfee has had a habit of giving me a "your PC is not protected - click to solve issues". Clicking then basically turns it back on. Yesterday it did that about 4 or 5 times. I assume there are no issues with running a variety of tools? I also have Spybot and that seems to find adware issues that McAfee and Malwarebytes seem to miss.
  7. Here is the log:

     BitDefender QuickScan Beta 32-bit v0.9.9.5
     ------------------------------------------
     Scan date: Mon Jul 05 10:52:33 2010
     Machine ID: FC090C8D
     No infection found.
     --------------------- Processes ---------
     <unsigned> Hewlett-Packard Company KBD EXE 2416 C:\HP\KBD\KBD.EXE
     <unsigned> HotSync
  8. Hi, I've removed the files. The online scan is not available - I'm not sure for how long. "The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not try a free trial of Kaspersky Internet Security 2010, which has everything you need to keep your computer safe."
  9. OK, the files got uploaded and the log is below.

     ComboFix 10-07-01.02 - Owner 03/07/2010 14:36:28.3.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT 1:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
     AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

     file zipped: c:\windows\Bqicesebeb.bin
     file zipped: c:\windows\Fwiheqayof.dat
     file zipped: c:\windows\system32\drivers\agp440.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\Bqicesebeb.bin
     c:\windows\Fwiheqayof.dat
     .
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\agp440.sys --> c:\windows\system32\drivers\agp440.sys
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
     .
     2010-07-03 10:03 . 2010-07-01 12:52 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     2010-07-03 10:03 . 2010-07-01 12:51 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
     2010-07-03 10:03 . 2010-07-01 12:51 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
     2010-07-03 10:03 . 2010-07-01 12:51 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
     2010-06-28 21:12 . 2010-06-28 21:12 -------- d-----w- c:\program files\Common Files\Logitech
     2010-06-28 21:12 . 2010-06-28 21:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
     2010-06-23 09:21 . 2010-06-23 09:21 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb140.tmp.exe
     2010-06-18 15:10 . 2010-06-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
     2010-06-18 15:10 . 2010-06-18 15:10 -------- d-----w- c:\program files\PCPitstop
     2010-06-18 15:00 . 2010-06-18 15:01 -------- d-----w- c:\program files\CCleaner
     2010-06-18 12:43 . 2010-06-25 10:44 -------- d-----w- c:\program files\MyDefrag v4.3.1
     2010-06-18 12:43 . 2010-05-21 11:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
     2010-06-18 12:43 . 2010-05-21 11:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
     2010-06-15 09:26 . 2010-06-15 09:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-06-15 09:24 . 2010-06-15 09:24 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
     2010-06-15 09:24 . 2010-06-28 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-06-15 09:23 . 2010-06-15 09:23 -------- d-----w- c:\program files\Common Files\Java
     2010-06-15 09:20 . 2010-06-15 09:20 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\msvcp71.dll
     2010-06-15 09:20 . 2010-06-15 09:20 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\jmc.dll
     2010-06-15 09:20 . 2010-06-15 09:20 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\msvcr71.dll
     2010-06-15 09:20 . 2010-06-15 09:20 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1936b979-n\decora-sse.dll
     2010-06-15 09:20 . 2010-06-15 09:20 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1936b979-n\decora-d3d.dll
     2010-06-15 09:20 . 2010-06-15 09:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-06-15 09:19 . 2010-06-15 09:19 -------- d-----w- c:\program files\Java
     2010-06-10 22:43 . 2010-06-10 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
     2010-06-09 19:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
     2010-06-05 16:23 . 2010-06-06 09:30 -------- d-----w- c:\program files\Common Files\PC Tools
     2010-06-04 15:12 . 2010-06-04 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wthlxmtvg
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-03 12:43 . 2009-02-22 20:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
     2010-07-03 12:42 . 2009-02-22 20:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
     2010-07-02 22:25 . 2009-02-25 21:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
     2010-07-02 20:55 . 2009-02-25 21:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
     2010-06-27 22:24 . 2003-12-04 21:19 -------- d-----w- c:\program files\Palm
     2010-06-26 22:47 . 2003-12-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2010-06-15 09:28 . 2003-01-01 23:08 -------- d-----w- c:\program files\Common Files\Adobe
     2010-06-15 07:37 . 2003-12-04 15:08 -------- d-----w- c:\program files\McAfee
     2010-06-11 07:41 . 2006-05-05 15:11 -------- d-----w- c:\program files\XviD
     2010-06-05 17:13 . 2003-12-04 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-06-05 16:38 . 2007-08-03 20:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-06-02 15:31 . 2005-05-29 14:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Soamad
     2010-06-02 14:36 . 2006-02-21 06:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Izva
     2010-05-27 12:28 . 2004-01-24 21:49 -------- d-----w- c:\program files\ICQ
     2010-05-06 10:41 . 2004-02-06 17:05 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-02 05:22 . 2003-12-04 03:45 1851264 ----a-w- c:\windows\system32\win32k.sys
     2010-04-29 14:39 . 2010-02-17 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 14:39 . 2010-02-17 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-20 05:30 . 2003-12-04 04:04 285696 ----a-w- c:\windows\system32\atmfd.dll
     2010-04-19 19:43 . 2010-04-19 19:43 276591 ----a-w- c:\windows\CUBE Demo Uninstaller.exe
     2007-06-16 12:33 . 2007-06-16 12:33 475844 -c--a-w- c:\program files\OggDS0995.exe
     2007-06-15 08:36 . 2007-06-15 08:36 1207026 -c--a-w- c:\program files\wrar370.exe
     2004-01-24 22:17 . 2004-01-19 21:14 10012 -c--a-w- c:\program files\ambt.dat
     2002-11-11 13:56 . 2002-11-11 13:56 155648 -c--a-w- c:\program files\Common Files\MTron Sounds Installer.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]
     "McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-10 68856]
     "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-26 133104]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe -tKYE\USB Storage RW" [X]
     "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
     "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
     "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
     "nwiz"="nwiz.exe" [2003-07-28 323584]
     "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
     "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
     "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-10-25 11:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "wave9"=Echo24Wrap.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
     "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     "swg"=c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
     "YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
     "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
     "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
     "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
     "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     "YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
     "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
     "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" /r
     "WCOLOREAL"="c:\program files\Coloreal\coloreal.exe"
     "ATIModeChange"=Ati2mdxx.exe
     "PS2"=c:\windows\system32\ps2.exe
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
     "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableNotifications"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
     "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
     "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/02/2009 20:15 64160]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 10:33 9968]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 74480]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/02/2010 12:39 304464]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18/04/2009 19:45 93320]
     R3 AVMWAN;AVM NDIS WAN CAPI Driver;c:\windows\system32\drivers\avmwan.sys [03/12/2003 22:19 37568]
     R3 echo24;Mia Service;c:\windows\system32\drivers\echo24.sys [19/05/2003 13:14 546560]
     R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [03/12/2003 22:19 444416]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/02/2010 12:39 20952]
     R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [05/12/2003 18:32 23696]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 19:06 135664]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
     S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [18/06/2010 16:10 85504]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

     2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06]

     2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003Core.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18]

     2010-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003UA.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18]

     2010-05-15 c:\windows\Tasks\McDefragTask.job
     - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22]

     2009-04-18 c:\windows\Tasks\McQcTask.job
     - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22]

     2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{F72CFE1E-F4B6-41A1-A43F-BFFA77BBAF9F}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://home.bt.yahoo.com/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     TCP: {5F5AF907-6CC7-419E-8739-3F357B4758FA} = 62.6.40.162 194.72.0.98
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://F:\IntraLaunch.CAB
     DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.btyahoo.com/
     FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
     FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
     FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
     FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     - - - - ORPHANS REMOVED - - - -

     AddRemove-Native Instruments Kontakt Experience - l:\samples\KONTAK~2\UNWISE.EXE

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-03 14:47
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(580)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     .
     Completion time: 2010-07-03 14:52:38
     ComboFix-quarantined-files.txt 2010-07-03 13:52
     ComboFix2.txt 2010-06-30 10:48

     Pre-Run: 22,349,111,296 bytes free
     Post-Run: 22,332,506,112 bytes free

     - - End Of File - - 8D7AFE642C976F0F87AB35E0504B4F40

     Upload was successful
  10. ok, thanks for your continued patience! Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4260 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30/06/2010 11:06:32 mbam-log-2010-06-30 (11-06-32).txt Scan type: Quick scan Objects scanned: 138081 Time elapsed: 16 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Combofix log ComboFix 10-06-29.03 - Owner 30/06/2010 11:32:19.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1481 [GMT 1:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\Owner\Local Settings\Application Data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB} c:\documents and settings\Owner\Local Settings\Application Data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB}\chrome.manifest c:\documents and settings\Owner\Local Settings\Application Data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB}\chrome\content\_cfg.js c:\documents and settings\Owner\Local Settings\Application Data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB}\chrome\content\overlay.xul c:\documents and settings\Owner\Local Settings\Application Data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB}\install.rdf . ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 ))))))))))))))))))))))))))))))) . 2010-06-28 21:12 . 2010-06-28 21:12 -------- d-----w- c:\program files\Common Files\Logitech 2010-06-28 21:12 . 2010-06-28 21:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations 2010-06-23 09:21 . 2010-06-23 09:21 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb140.tmp.exe 2010-06-19 14:33 . 2010-04-08 01:50 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-06-19 14:33 . 2010-04-08 01:50 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-06-19 14:33 . 2010-04-08 01:50 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-06-19 14:33 . 2010-04-08 01:50 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-06-18 15:10 . 
2010-06-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-18 15:10 . 2010-06-18 15:10 -------- d-----w- c:\program files\PCPitstop
2010-06-18 15:00 . 2010-06-18 15:01 -------- d-----w- c:\program files\CCleaner
2010-06-18 12:43 . 2010-06-25 10:44 -------- d-----w- c:\program files\MyDefrag v4.3.1
2010-06-18 12:43 . 2010-05-21 11:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2010-06-18 12:43 . 2010-05-21 11:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2010-06-15 09:26 . 2010-06-15 09:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-15 09:24 . 2010-06-15 09:24 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-15 09:24 . 2010-06-28 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-15 09:23 . 2010-06-15 09:23 -------- d-----w- c:\program files\Common Files\Java
2010-06-15 09:20 . 2010-06-15 09:20 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\msvcp71.dll
2010-06-15 09:20 . 2010-06-15 09:20 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\jmc.dll
2010-06-15 09:20 . 2010-06-15 09:20 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48fbb308-n\msvcr71.dll
2010-06-15 09:20 . 2010-06-15 09:20 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1936b979-n\decora-sse.dll
2010-06-15 09:20 . 2010-06-15 09:20 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1936b979-n\decora-d3d.dll
2010-06-15 09:20 . 2010-06-15 09:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-15 09:19 . 2010-06-15 09:19 -------- d-----w- c:\program files\Java
2010-06-11 11:51 . 2010-06-26 19:06 120 ----a-w- c:\windows\Fwiheqayof.dat
2010-06-11 11:51 . 2010-06-26 09:26 0 ----a-w- c:\windows\Bqicesebeb.bin
2010-06-10 22:43 . 2010-06-10 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-09 19:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-05 16:23 . 2010-06-06 09:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-04 15:12 . 2010-06-04 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wthlxmtvg
2010-06-02 14:26 . 2010-06-02 14:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 08:32 . 2009-02-22 20:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-30 08:31 . 2009-02-22 20:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-29 22:11 . 2009-02-25 21:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-06-29 21:00 . 2009-02-25 21:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-27 22:24 . 2003-12-04 21:19 -------- d-----w- c:\program files\Palm
2010-06-26 22:47 . 2003-12-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-15 09:28 . 2003-01-01 23:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-15 07:37 . 2003-12-04 15:08 -------- d-----w- c:\program files\McAfee
2010-06-11 07:41 . 2006-05-05 15:11 -------- d-----w- c:\program files\XviD
2010-06-05 17:13 . 2003-12-04 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 16:38 . 2007-08-03 20:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-02 15:31 . 2005-05-29 14:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Soamad
2010-06-02 14:36 . 2006-02-21 06:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Izva
2010-05-27 12:28 . 2004-01-24 21:49 -------- d-----w- c:\program files\ICQ
2010-05-06 10:41 . 2004-02-06 17:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-04 03:45 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-02-17 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-02-17 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2003-12-04 04:04 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 19:43 . 2010-04-19 19:43 276591 ----a-w- c:\windows\CUBE Demo Uninstaller.exe
2007-06-16 12:33 . 2007-06-16 12:33 475844 -c--a-w- c:\program files\OggDS0995.exe
2007-06-15 08:36 . 2007-06-15 08:36 1207026 -c--a-w- c:\program files\wrar370.exe
2004-01-24 22:17 . 2004-01-19 21:14 10012 -c--a-w- c:\program files\ambt.dat
2002-11-11 13:56 . 2002-11-11 13:56 155648 -c--a-w- c:\program files\Common Files\MTron Sounds Installer.exe
.
------- Sigcheck -------
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]
"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-10 68856]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe -tKYE\USB Storage RW" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-25 11:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave9"=Echo24Wrap.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
"YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" /r
"WCOLOREAL"="c:\program files\Coloreal\coloreal.exe"
"ATIModeChange"=Ati2mdxx.exe
"PS2"=c:\windows\system32\ps2.exe "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "Yzuqizewug"=rundll32.exe "c:\windows\atekonejiqaluh.dll",Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Palm\\HOTSYNC.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"= "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"= "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/02/2009 20:15 64160] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 10:33 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 74480] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/02/2010 12:39 304464] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18/04/2009 19:45 93320] R3 AVMWAN;AVM NDIS WAN CAPI Driver;c:\windows\system32\drivers\avmwan.sys [03/12/2003 22:19 37568] R3 echo24;Mia 
Service;c:\windows\system32\drivers\echo24.sys [19/05/2003 13:14 546560] R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [03/12/2003 22:19 444416] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/02/2010 12:39 20952] R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [05/12/2003 18:32 23696] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 19:06 135664] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [18/06/2010 16:10 85504] . Contents of the 'Scheduled Tasks' folder 2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06] 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06] 2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18] 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18] 2010-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22] 2009-04-18 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22] 2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{F72CFE1E-F4B6-41A1-A43F-BFFA77BBAF9F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://home.bt.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://F:\IntraLaunch.CAB
DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.btyahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-30 11:48:37
ComboFix-quarantined-files.txt 2010-06-30 10:48
ComboFix2.txt 2010-06-09 10:10

Pre-Run: 21,976,600,576 bytes free
Post-Run: 22,019,371,008 bytes free

- - End Of File - - 159E81C2F7F85EA12BD7EFC07E5EBDE0
  11. ok thanks. sorry about this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 11:32:38.81 on 28/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1158 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.bt.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [McAfee.InstantUpdate.Monitor] "c:\program files\mcafee\mcafee shared components\instant updater\RuLaunch.exe" /STARTMONITOR
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KYE_Showicon] "c:\program files\usb storage rw\shwicon.exe" -t"kye\USB Storage RW"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Yzuqizewug] rundll32.exe "c:\windows\atekonejiqaluh.dll",Startup
mRunOnce: [uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRunOnce: [sRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxd.cab
DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://F:\IntraLaunch.CAB
DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - hxxps://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37959.3170601852
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxp://register.btinternet.com/templates/btwebcontrol023.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: {5F5AF907-6CC7-419E-8739-3F357B4758FA} = 62.6.40.162 194.72.0.98
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\laxxm14v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.btyahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\laxxm14v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\laxxm14v.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {E225415B-CF73-4F96-9A16-5A0AE3CE2DBB} - c:\documents and settings\owner\local settings\application data\{E225415B-CF73-4F96-9A16-5A0AE3CE2DBB}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-18 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-17 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-18 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-18 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-18 144704]
R3 AVMWAN;AVM NDIS WAN CAPI Driver;c:\windows\system32\drivers\avmwan.sys [2003-12-3 37568]
R3 echo24;Mia Service;c:\windows\system32\drivers\echo24.sys [2003-5-19 546560]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [2003-12-3 444416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-17 20952]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-18 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-18 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-18 40552]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2003-12-5 23696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-18 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-6-18 85504]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================

2010-06-27 09:38:12 92 ----a-w- c:\windows\wininit.ini
2010-06-18 15:10:41 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-06-18 15:10:40 0 d-----w- c:\program files\PCPitstop
2010-06-18 15:00:53 0 d-----w- c:\program files\CCleaner
2010-06-18 12:43:47 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2010-06-18 12:43:47 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2010-06-18 12:43:47 0 d-----w- c:\program files\MyDefrag v4.3.1
2010-06-17 10:16:53 0 d-s---w- C:\ComboFix
2010-06-15 09:20:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-15 09:20:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 11:51:01 120 ----a-w- c:\windows\Fwiheqayof.dat
2010-06-11 11:51:01 0 ----a-w- c:\windows\Bqicesebeb.bin
2010-06-10 22:43:21 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-06-09 19:10:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 09:37:52 0 d-sha-r- C:\cmdcons
2010-06-05 16:23:02 0 d-----w- c:\program files\common files\PC Tools

==================== Find3M ====================

2010-06-28 08:22:50 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-28 08:22:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- 
c:\windows\system32\drivers\mbam.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-19 19:43:53 276591 ----a-w- c:\windows\CUBE Demo Uninstaller.exe 2010-03-30 23:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-30 23:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2007-06-16 12:33:57 475844 -c--a-w- c:\program files\OggDS0995.exe 2007-06-15 08:36:37 1207026 -c--a-w- c:\program files\wrar370.exe 2004-01-24 22:17:01 10012 -c--a-w- c:\program files\ambt.dat 2002-11-11 13:56:56 155648 -c--a-w- c:\program files\common files\MTron Sounds Installer.exe 2008-08-21 11:38:49 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat ============= FINISH: 11:34:09.01 =============== Attach.zip
  12. Hi, I've managed to get CDs ripped via Windows Media Player. Re the camera, the "get pictures" wizard is useless as my device is not found, not in the list to add, etc. It looks like I can simply copy the pictures as it appears as an "M disk" and then delete them off the camera via the camera itself. Does that sound right? Unfortunately when I ran Spybot it found a trojan. It removed it. I am now getting .dll errors again. Specifically "error loading c\windows\atckonejqualuh.dll module cannot be found". I updated Malwarebytes and ran it; it didn't find anything. I ran checkdisk again - still happening.
  13. Hi, I will try a re-install. I've found a problem. Despite re-enabling the CD autorun, putting in a CD is not producing a window asking me to play, rip etc. Similarly when I plug my camera in. Help?
  14. OK, a few days have gone by and I've been watching for any problems. Good news - the throwing of random Windows errors on start up seems to have gone. IE is still sick (as in the start up is very slow) but with Firefox and Chrome loaded here that is liveable. I will either re-install IE or simply stop using it. Many thanks for all your help. Am I supposed to do something with the CD autorun now?
  15. Thanks, I've been able to do most of these. I have a huge number of programmes which are related to my music production; I go through and uninstall regularly so there is not much else I can remove. However, I've moved 7GB of photos which is 10% of the C drive. I have a lot of music data files but they take time to move, they need to be individually exported (but I have to back them up anyway). I've used the defragger you suggested and the cleaner. They both seem better than what I currently have as I do regularly defrag and clean and these programmes still found plenty to do. WHAT'S STILL NOT WORKING - I've had a few crashes on start up, e.g. the PC telling me Windows has to close. It also had something with Dr Watson Debugger failing... but the past day as far as I can tell the problems are confined to IE. If I try and work on my e-mail (web based) or on a forum like this, spaces and letters get missed. Also IE often fails to open and freezes. If that is my only issue I am thinking of uninstalling and re-installing IE, or simply switching to using Firefox or Chrome. On Firefox at least there are no missing letters or spaces. Really many thanks for all your help.
  16. Hi, that seems to have worked. It came up and said it's been uninstalled.
  17. Re the ComboFix - it looks as if I have done something stupid; I assumed what I had on the desktop was just the icon and deleted it a few days ago. Clearly it wasn't just the icon because it's not finding it for an uninstall. I don't think the old System Restore works anymore - it seems to have stopped working years ago. What do I need to do to uninstall it if I've done that? Thanks for all your help and patience. I think this is the URL http://www.pcpitstop.com/betapit/sec.asp?conid=23669759
  18. Thanks for your reply. Re the rundll problem, I ran Malwarebytes and it found a virus in that file and removed the virus, so those errors have stopped. Still a few freezes but it seems better. The log: SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 09:41 on 15/06/2010 by Owner (Administrator - Elevation successful) ========== filefind ========== Searching for "fgmcds.dll" No files found. ========== regfind ========== Searching for "fgmcds.dll" No data found. -=End Of File=-
  19. Now another problem. Every few seconds I'm getting this message: "RUNDLL c\windows\fgmcds.dll missing entry : jep". Help!!!
  20. OK, just noticed another problem. I'm using BT Yahoo webmail. When I type a message I keep finding letters or spaces missing. It's happening posting here too. But it does not seem to be a problem with the keyboard as my typing in Word is fine.
  21. Hi, thanks. After the ComboFix ate something I am no longer getting redirects in IE. No more additional windows opening in IE. Chrome and Mozilla now connect and open properly. Generally programmes don't go to not responding BUT... IE is freezing when I first open it. I have to close it; it tells me it's non-responsive etc., so I need to close the application via the Windows Alt/Ctrl/Delete. When I try and open a second time, it does OK and goes to the appropriate start up page. A note on the logs. I think the "Active World" one is OK. It is an old virtual world programme a bit like Second Life; it just didn't uninstall properly. My ISP is BT (I see it found a dialer). Many, many thanks for your time and help on this. Mark. The logs: Agp440.sys analysis File agp440.sys.2010.8.6.11.15.pvr.per received on 2010.06.09 14:47:35 (UTC) Current status: finished Result: 1/41 (2.44%) Compact Print results Antivirus Version Last Update Result a-squared 5.0.0.26 2010.06.09 - AhnLab-V3 2010.06.09.04 2010.06.09 - AntiVir 8.2.2.6 2010.06.09 - Antiy-AVL 2.0.3.7 2010.06.08 - Authentium 5.2.0.5 2010.06.09 - Avast 4.8.1351.0 2010.06.09 - Avast5 5.0.332.0 2010.06.09 - AVG 9.0.0.787 2010.06.09 - BitDefender 7.2 2010.06.09 - CAT-QuickHeal 10.00 2010.06.09 - ClamAV 0.96.0.3-git 2010.06.09 - Comodo 5040 2010.06.09 - DrWeb 5.0.2.03300 2010.06.09 - eSafe 7.0.17.0 2010.06.09 - eTrust-Vet 36.1.7622 2010.06.09 - F-Prot 4.6.0.103 2010.06.09 - F-Secure 9.0.15370.0 2010.06.09 - Fortinet 4.1.133.0 2010.06.09 - GData 21 2010.06.09 - Ikarus T3.1.1.84.0 2010.06.09 - Jiangmin 13.0.900 2010.06.09 - Kaspersky 7.0.0.125 2010.06.09 - McAfee 5.400.0.1158 2010.06.09 - McAfee-GW-Edition 2010.1 2010.06.09 Heuristic.LooksLike.Trojan.Patched.I Microsoft 1.5802 2010.06.09 - NOD32 5184 2010.06.09 - Norman 6.04.12 2010.06.09 - nProtect 2010-06-09.02 2010.06.09 - Panda 10.0.2.7 2010.06.08 - PCTools 7.0.3.5 2010.06.09 - Prevx 3.0 2010.06.09 - Rising 22.51.02.03 2010.06.09 - Sophos 4.53.0 2010.06.09 - Sunbelt 6424 
2010.06.09 - Symantec 20101.1.0.89 2010.06.09 - TheHacker 6.5.2.0.295 2010.06.08 - TrendMicro 9.120.0.1004 2010.06.09 - TrendMicro-HouseCall 9.120.0.1004 2010.06.09 - VBA32 3.12.12.5 2010.06.09 - ViRobot 2010.6.9.2346 2010.06.09 - VirusBuster 5.0.27.0 2010.06.09 - Additional information File size: 42368 bytes MD5 : 2c428fa0c3e3a01ed93c9b2a27d8d4bb SHA1 : 4102b86336950f4b108fd32d8b43fd0a9cfdb1fd SHA256: a11aa25c0ff052578ae342717c85aed26b79cce39040c42c69105868f6059a34 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x8D85 timedatestamp.....: 0x41107D2C (Wed Aug 4 08:07:40 2004) machinetype.......: 0x14C (Intel I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x300 0x22D2 0x2300 6.62 c6c4a6dc5b4fdf67208639f72ff1c7c7 .rdata 0x2600 0x18B 0x200 3.72 493e63071bd75f61547e38b0a124cdcb .data 0x2800 0xA0 0x100 1.26 e20e4b85c1aef19d673f909b40ea536f PAGE 0x2900 0x647B 0x6480 6.63 17ad2b01bd41736f54e824d45aef67c4 INIT 0x8D80 0xA6E 0xA80 6.15 21b7ca3f4f81e46e8b2e03bc4f7de930 .rsrc 0x9800 0x3F0 0x400 3.38 cbc8253ce1d5d060f47236db753d0f2e .reloc 0x9C00 0x91C 0x980 6.27 5d76cdd7e95135993cc90baf5d0a5eab ( 0 imports ) ( 0 exports ) TrID : File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 768:5+mbAAr7jYSoQsUyWVo/3pzj6o0LhlSIrHJb984BRy:5Ff7jpoQsUWg9lSIdb9BRy sigcheck: publisher....: Microsoft Corporation copyright....: © Microsoft Corporation. All rights reserved. 
product......: Microsoft_ Windows_ Operating System description..: 440 NT AGP Filter original name: agp440.sys internal name: agp440.sys file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD : - packers (Kaspersky): PE_Patch RDS : NSRL Reference Data Set ( Gateway ) Gateway Operating System Windows XP Pro Edition SP2: agp440.sys ( Microsoft ) Disc 2438.5: agp440.sysMSDN Disc 2428.4: agp440.sysMSDN Disc 2428.5: agp440.sysMSDN Disc 2428.8: agp440.sysMSDN Disc 2438.7: agp440.sysMSDN Disc 2438.8: agp440.sysMSDN Disc 2439.6: agp440.sysMSDN Disc 2439.7: agp440.sysMSDN Disc 2439.8: agp440.sysMSDN Disc 2440.3: agp440.sysMSDN Disc 2440.4: agp440.sysMSDN Disc 2440.5: agp440.sysMSDN Disc 2441.5: agp440.sysMSDN Disc 2441.6: agp440.sysMSDN Disc 2441.7: agp440.sysMSDN Disc 2442.4: agp440.sysMSDN Disc 2442.6: agp440.sysMSDN Disc 2443.2: agp440.sysMSDN Disc 2443.4: agp440.sysMSDN Disc 2444.3: agp440.sysMSDN Disc 2444.3: agp440.sysMSDN Disc 2444.4: agp440.sysMSDN Disc 2444.6: agp440.sysMSDN Disc 2455.6: agp440.sysMSDN Disc 2464.5: agp440.sysMSDN Disc 2465.4: agp440.sysMSDN Disc 2465.5: agp440.sysMSDN Disc 2466.2: agp440.sysMSDN Disc 2466.4: agp440.sysMSDN Disc 2476.2: agp440.sysMSDN Disc 2476.4: agp440.sysMSDN Disc 2477.2: agp440.sysOperating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: agp440.sysVirtual PC for Mac Windows XP Home Edition: agp440.sysVirtual PC for Mac Windows XP Professional Edition: agp440.sys F-secure scan Scanning Report Friday, June 11, 2010 23:43:49 - 08:47:38 Computer name: URIEL Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ L:\ Z:\ 13 malware found TrackingCookie.Atdmt (spyware)
  22. Thank you so much for your reply - I am truly grateful! I see you are in LA; I am in the UK, so we are out of sync and you will find I will be replying out of sync to you, but I will be replying! So here are the log files... Combofix ComboFix 10-06-08.03 - Owner 09/06/2010 10:49:57.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1567 [GMT 1:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Local Settings\Temporary Internet Files\1km1b.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\4M04Pjy.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\5Moa6abk.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\XmaxP.jpg c:\documents and settings\Owner\Recent\Thumbs.db c:\windows\system\Pncrt.dll c:\windows\system32\fonts c:\windows\system32\fonts\ACADEMY_.PFB c:\windows\system32\fonts\ACADEMY_.PFM c:\windows\system32\fonts\ACADEMY_.TTF c:\windows\system32\Thumbs.db D:\Autorun.inf L:\Autorun.inf Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 ))))))))))))))))))))))))))))))) . 2010-06-05 16:23 . 2010-06-06 09:30 -------- d-----w- c:\program files\Common Files\PC Tools 2010-06-04 15:12 . 2010-06-04 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wthlxmtvg 2010-06-02 14:26 . 2010-06-02 14:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-09 09:47 . 2009-02-22 20:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-06-09 09:47 . 2009-02-22 20:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2010-06-08 21:46 . 2009-02-25 21:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype 2010-06-08 20:29 . 2009-02-25 21:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM 2010-06-05 18:40 . 2003-12-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-05 17:13 . 2003-12-04 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-05 16:38 . 2007-08-03 20:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-02 15:31 . 2005-05-29 14:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Soamad 2010-06-02 14:36 . 2006-02-21 06:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Izva 2010-05-27 12:28 . 2004-01-24 21:49 -------- d-----w- c:\program files\ICQ 2010-05-15 16:05 . 2003-12-04 21:19 -------- d-----w- c:\program files\Palm 2010-04-30 14:32 . 2010-02-17 11:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 14:39 . 2010-02-17 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39 . 2010-02-17 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 21:05 . 2010-04-27 21:05 -------- d-----w- c:\program files\Common Files\Skype 2010-04-19 19:43 . 2010-04-19 19:43 276591 ----a-w- c:\windows\CUBE Demo Uninstaller.exe 2010-04-19 19:43 . 2010-04-19 19:43 -------- d-----w- c:\program files\VirSyn Software Synthesizer 2007-06-16 12:33 . 2007-06-16 12:33 475844 -c--a-w- c:\program files\OggDS0995.exe 2007-06-15 08:36 . 2007-06-15 08:36 1207026 -c--a-w- c:\program files\wrar370.exe 2004-01-24 22:17 . 
2004-01-19 21:14 10012 -c--a-w- c:\program files\ambt.dat 2002-11-11 13:56 . 2002-11-11 13:56 155648 -c--a-w- c:\program files\Common Files\MTron Sounds Installer.exe . ------- Sigcheck ------- [7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152] "McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-10 68856] "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-26 133104] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe -tKYE\USB Storage RW" [X] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472] "nwiz"="nwiz.exe" [2003-07-28 323584] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "mcagent_exe"="c:\program 
files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-10-25 11:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave9"=Echo24Wrap.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" "Yahoo! 
Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet "swg"=c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe "YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" /r "WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" "ATIModeChange"=Ati2mdxx.exe "PS2"=c:\windows\system32\ps2.exe "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Palm\\HOTSYNC.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"= "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"= "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/02/2009 20:15 64160] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 10:33 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 74480] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/02/2010 12:39 304464] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18/04/2009 19:45 93320] R3 AVMWAN;AVM NDIS WAN CAPI Driver;c:\windows\system32\drivers\avmwan.sys [03/12/2003 22:19 37568] R3 echo24;Mia Service;c:\windows\system32\drivers\echo24.sys [19/05/2003 13:14 546560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 00:01 101936] R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [03/12/2003 22:19 444416] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/02/2010 12:39 20952] R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [05/12/2003 18:32 23696] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 19:06 135664] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408] . 
Contents of the 'Scheduled Tasks' folder 2010-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06] 2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:06] 2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18] 2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402589321-493697589-2058370646-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 12:18] 2010-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22] 2009-04-18 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 11:22] 2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{F72CFE1E-F4B6-41A1-A43F-BFFA77BBAF9F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://home.bt.yahoo.com/ uDefault_Search_URL = hxxp://srch-gb7.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html Trusted Zone: arbitermt.co.uk\www Trusted Zone: filesmonster.com Trusted Zone: http Trusted Zone: uploaded.to Trusted Zone: uploading.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://F:\IntraLaunch.CAB DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\laxxm14v.default\ FF - prefs.js: browser.startup.homepage - hxxp://dailystrength.org/home FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", 
DDS run just now after running ComboFix.

Finally, I've attached Attach.zip.
  23. Not bumping, but after something like the 9th attempt I got GMER to work; see the attached zip, ark.zip.
  24. Hi, I'm sorry, I actually have another thread. I did manage to part-post a log, but for some reason I kept getting those "unable to connect" messages and also did not see that the post had actually worked. I have to keep reloading pages to see replies. So I have another thread and suggest you close this one. Sorry for the confusion; the problems I'm having with the PC are making the simplest thing online almost impossible.