Jump to content

fntac

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

Reputation

0 Neutral
  1. fntac
    It seems as though the malware is gone. I can now: -go to windows update.com -open Chrome -have not experienced Google redirect yet -windows defender is able to update definitions automatically ComboFix Log: ComboFix 10-06-15.02 - Administrator 06/15/2010 21:29:09.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3225 [GMT -5:00] Running from: c:\documents and settings\phaxayr\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4DA48831-A43A-4472-9925-4A0F5DA9EB47} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\ipconfig.txt c:\windows\system32\st326159.dll ----- BITS: Possible infected sites ----- hxxp://wsus.calabrio.com Infected copy of c:\windows\system32\drivers\dmio.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npf ((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 ))))))))))))))))))))))))))))))) . 2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2010-06-14 21:06 . 2010-06-14 21:06 -------- d-----w- c:\program files\CCleaner 2010-06-12 23:56 . 2010-06-12 23:56 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2010-06-11 03:46 . 2010-06-11 03:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer 2010-06-11 03:46 . 2010-06-11 03:46 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software 2010-06-11 03:45 . 2010-06-11 03:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson 2010-06-10 17:01 . 2010-06-11 02:19 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-10 15:16 . 2010-06-14 07:43 -------- d-----w- c:\windows\system32\NtmsData 2010-06-09 16:52 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-09 06:16 . 2010-06-09 03:41 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-09 03:41 . 2010-06-09 03:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-09 03:41 . 2010-06-09 03:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-09 03:30 . 2010-06-09 03:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-09 03:30 . 2010-06-09 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-06-09 03:30 . 2010-06-09 03:31 -------- d-----w- c:\program files\Lavasoft 2010-06-09 03:08 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-09 03:08 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-09 03:08 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-09 03:08 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-09 03:08 . 2010-06-09 03:08 -------- d-----w- c:\program files\Avira 2010-06-09 03:08 . 2010-06-09 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-08 15:15 . 2010-06-08 15:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-08 15:15 . 2010-06-08 15:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-06-07 23:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-07 23:09 . 2010-06-07 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-07 23:09 . 2010-06-07 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-07 23:09 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-05 15:14 . 2010-06-05 15:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-06-02 00:42 . 2010-06-02 00:42 -------- d-----w- c:\program files\BitTorrent . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-16 02:48 . 2008-12-09 16:37 243505 ----a-w- c:\windows\system32\nvModes.dat 2010-06-16 02:44 . 2010-05-05 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware 2010-06-16 02:44 . 2010-05-05 15:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware 2010-06-15 19:40 . 2010-01-25 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-15 19:38 . 2010-01-26 01:16 -------- d-----w- c:\program files\Microsoft Works 2010-06-15 19:37 . 2010-01-26 01:16 -------- d-----w- c:\program files\MSBuild 2010-06-14 19:06 . 2008-12-17 17:19 -------- d-----w- c:\program files\Java 2010-06-11 03:46 . 2008-12-17 16:31 72392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-11 02:19 . 2008-12-17 17:19 -------- d-----w- c:\program files\Common Files\Java 2010-06-10 15:33 . 2008-12-17 17:20 -------- d-----w- c:\program files\Trend Micro 2010-05-21 19:14 . 2010-01-26 01:06 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-16 05:40 . 2010-05-16 05:40 -------- d-----w- c:\program files\Lame for Audacity 2010-05-15 22:27 . 2010-05-15 22:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2010-05-09 15:47 . 2010-02-05 19:46 -------- d-----w- c:\program files\Vuze 2010-05-06 10:41 . 2008-04-14 11:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-05 15:20 . 2010-05-05 15:20 -------- d-----w- c:\program files\Common Files\VMware 2010-05-05 15:20 . 2010-05-05 15:20 -------- d-----w- c:\program files\VMware 2010-05-02 05:22 . 2008-04-14 07:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2008-04-14 11:39 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-20 03:23 . 2010-04-20 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2010-04-19 13:23 . 2010-01-27 15:19 -------- d-----w- c:\program files\Common Files\CAD 2010-04-18 22:54 . 2010-04-16 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-04-18 22:54 . 2010-04-16 03:39 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-02-03 16:39 . 2010-02-03 16:39 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2010-04-26 13:49 . 2010-02-03 16:39 239488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2010-02-03 16:39 . 2010-02-03 16:39 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2010-04-19 19:57 . 2010-04-19 19:57 27448 ----a-w- c:\program files\mozilla firefox\plugins\atsc3cls.dll 2010-02-04 20:58 . 2010-02-03 16:39 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2010-02-03 16:54 . 2010-02-03 16:54 32768 ----a-w- c:\program files\mozilla firefox\plugins\ptexmeet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2010-04-25 275768] "PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2010-06-07 247096] "Google Update"="c:\documents and settings\phaxayr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 135664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-28 13537280] "NVHotkey"="nvHotkey.dll" [2008-06-28 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-28 86016] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-03-05 718120] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 417792] "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] 2005-06-19 18:01 24669 ----a-w- c:\windows\system32\ckpNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2266326540-3222975279-1551281842-1709\Scripts\Logon\0\0] "Script"=Printer_inventory_script.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2266326540-3222975279-1551281842-1709\Scripts\Logon\0\1] "Script"=Quick_Hardware_Inventory.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Documents and Settings\\phaxayr\\My Documents\\Software\\eclipse_Java\\eclipse.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\Proxy Networks\\PROXY Pro Host\\PhSvc.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"= "c:\\xampp\\apache\\bin\\httpd.exe"= "c:\\xampp\\mysql\\bin\\mysqld.exe"= "c:\\xampp\\tomcat\\jre\\bin\\javaw.exe"= "c:\\xampp\\MercuryMail\\mercury.exe"= "c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "1337:TCP"= 1337:TCP:192.168.1.107 "23729:TCP"= 23729:TCP:Trend Micro OfficeScan Listener R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/8/2010 10:41 PM 64288] R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [4/1/2010 10:20 AM 2234320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/8/2010 10:08 PM 135336] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [9/6/2007 7:29 PM 35692] R2 ciCqmRecord;Quality Management Desktop Recording Service;c:\program files\Calabrio\WFO_QM\bin\sqmservice.exe [2/17/2010 10:36 PM 1966080] R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [4/1/2010 10:19 AM 36400] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 5:35 PM 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 5:35 PM 20840] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832] R2 QMPD;Quality Management Packet Driver;c:\windows\system32\drivers\qmpd.sys [6/30/2009 9:07 AM 19712] R2 SPCD;Spanlink Packet Capture Driver;c:\windows\system32\drivers\spcd.sys [8/25/2008 11:06 AM 18048] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [12/21/2007 4:46 PM 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [12/21/2007 4:46 PM 36368] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760] R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [4/1/2010 10:19 AM 109072] R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [4/1/2010 10:19 AM 671408] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/9/2008 11:26 AM 112512] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [12/30/2008 11:56 AM 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [12/30/2008 11:56 AM 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [12/9/2008 11:33 AM 240344] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [12/9/2008 11:30 AM 144672] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [12/9/2008 11:30 AM 277504] R3 ProxyHostInputFilter;PROXY Pro Host Input Filter;c:\windows\system32\drivers\ph32ifil.sys [1/13/2010 7:16 PM 14416] S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [12/9/2008 11:30 AM 148056] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [11/30/2007 6:29 PM 652552] . Contents of the 'Scheduled Tasks' folder 2010-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:16] 2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2266326540-3222975279-1551281842-1709Core.job - c:\documents and settings\phaxayr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 21:58] 2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2266326540-3222975279-1551281842-1709UA.job - c:\documents and settings\phaxayr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 21:58] 2010-06-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://loop/tiki/tiki-index.php?page=HomePage IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\VMware\VMware Player\vsocklib.dll Trusted Zone: intuit.com\ttlc FF - ProfilePath - c:\documents and settings\phaxayr\Application Data\Mozilla\Firefox\Profiles\343ql3un.default\ FF - component: c:\documents and settings\phaxayr\Application Data\Mozilla\Firefox\Profiles\343ql3un.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\program files\WebEx\Productivity Tools\components\ocff.dll FF - plugin: c:\documents and settings\phaxayr\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-15 21:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql] "ImagePath"="c:\mysql\bin\mysqld-nt" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4404) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\program files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Proxy Networks\PROXY Pro Host\phsvc.exe c:\windows\system32\vmnat.exe c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe c:\program files\VMware\VMware Player\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\TEMP\PS5B85.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\program files\Proxy Networks\PROXY Pro Host\PhSession.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe c:\windows\system32\rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\WebEx\Productivity Tools\ptSrv.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Completion time: 2010-06-15 21:59:12 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-16 02:58 Pre-Run: 155,137,687,552 bytes free Post-Run: 155,188,391,936 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 4F6383219D4206B7B7DEBE3726B6EACD
  2. fntac
    Hi, MBAM Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4198 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/14/2010 9:01:10 PM mbam-log-2010-06-14 (21-01-10).txt Scan type: Quick scan Objects scanned: 159227 Time elapsed: 25 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS Log: DDS (Ver_10-03-17.01) - NTFSx86 Run by phaxayr at 17:41:24.06 on Mon 06/14/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2622 [GMT -5:00] AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4DA48831-A43A-4472-9925-4A0F5DA9EB47} AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Proxy Networks\PROXY Pro Host\phsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\TEMP\KF347.EXE C:\WINDOWS\system32\vmnat.exe C:\Program Files\Calabrio\WFO_QM\bin\sqmservice.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\VMware\VMware Player\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Program Files\Proxy Networks\PROXY Pro Host\PhSession.exe C:\Program Files\Proxy Networks\PROXY Pro Host\PhTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WebEx\Productivity Tools\PTIM.exe C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe C:\Program Files\WebEx\Productivity Tools\ptSrv.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\phaxayr\Local Settings\Temporary Internet Files\Content.IE5\BI3M5DD4\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://loop/tiki/tiki-index.php?page=HomePage BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe uRun: [PTOneClick] c:\program files\webex\productivity tools\ptoneclk.exe /AutoRunning="2" mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2 mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: c:\program files\vmware\vmware player\vsocklib.dll Trusted Zone: intuit.com\ttlc DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://calabrio.webex.com/client/upgradeserver/client/ptool/T27L10NSP11EP9-4776/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: ckpNotify - ckpNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\phaxayr\applic~1\mozilla\firefox\profiles\343ql3un.default\ FF - component: c:\documents and settings\phaxayr\application data\mozilla\firefox\profiles\343ql3un.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - component: c:\program files\webex\productivity tools\components\ocff.dll FF - plugin: c:\documents and settings\phaxayr\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-8 64288] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-8 11608] R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2010-4-1 2234320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-8 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-8 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-8 60936] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2007-9-6 35692] R2 ciCqmRecord;Quality Management Desktop Recording Service;c:\program files\calabrio\wfo_qm\bin\sqmservice.exe [2010-2-17 1966080] R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2010-4-1 36400] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320] R2 QMPD;Quality Management Packet Driver;c:\windows\system32\drivers\qmpd.sys [2009-6-30 19712] R2 SPCD;Spanlink Packet Capture Driver;c:\windows\system32\drivers\spcd.sys [2008-8-25 18048] R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-12-21 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-12-21 36368] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-22 70704] R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2010-4-1 109072] R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2010-4-1 671408] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-9 112512] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-12-30 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-12-30 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-9 240344] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-12-9 144672] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-12-9 277504] R3 ProxyHostInputFilter;PROXY Pro Host Input Filter;c:\windows\system32\drivers\ph32ifil.sys [2010-1-13 14416] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760] S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-12-9 148056] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-11-30 652552] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] =============== Created Last 30 ================ 2010-06-14 21:06:10 0 d-----w- c:\program files\CCleaner 2010-06-10 17:01:02 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-10 15:16:35 0 d-----w- c:\windows\system32\NtmsData 2010-06-09 16:52:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-09 06:16:21 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-09 06:09:17 0 d-----w- c:\docume~1\phaxayr\applic~1\Avira 2010-06-09 03:41:35 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-09 03:41:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-09 03:30:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-09 03:30:47 0 d-----w- c:\program files\Lavasoft 2010-06-09 03:08:15 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-09 03:08:14 0 d-----w- c:\program files\Avira 2010-06-09 03:08:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-07 23:09:30 0 d-----w- c:\docume~1\phaxayr\applic~1\Malwarebytes 2010-06-07 23:09:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-07 23:09:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-06-07 23:09:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-07 23:09:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-07 19:09:55 0 d-----w- c:\docume~1\phaxayr\applic~1\Foxit Software 2010-06-02 00:42:31 0 d-----w- c:\docume~1\phaxayr\applic~1\BitTorrent 2010-06-02 00:42:25 0 d-----w- c:\program files\BitTorrent 2010-05-16 05:40:07 0 d-----w- c:\program files\Lame for Audacity ==================== Find3M ==================== 2010-06-14 13:18:14 243529 ----a-w- c:\windows\system32\nvModes.dat 2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll ============= FINISH: 17:42:52.71 =============== Thank you for your help.
  3. fntac
    Hi guys, I have been going nuts trying to remove this virus. Here are the symptoms: -IE and Firefox are redirected to various website's search.php pages (ie. www.variousnames/search.php). This happens mostly when clicking links from Google searches. Note: if absolute url addresses are used, the redirect does not occur. -Random pop-ups if browser is open (various websites opening in a new window). -MS Outlook randomly crashes. -Certain MS Outlook can't be accessed. -Redirect occurs even in safe mode. -windows update can not be accessed. -windows defender update can not be done automatically. Troubleshooting performed: Ran full scan with: -Windows Defender (with manual definition updates) -Antivir Antivirus (in safe mode) -Malware-Bytes (in safe mode) -Uninstalled Java JRE 1.5 and installed 1.6 Hijackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:28:37 PM, on 6/14/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Proxy Networks\PROXY Pro Host\phsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\TEMP\OJ1EA5.EXE C:\WINDOWS\system32\vmnat.exe C:\Program Files\Calabrio\WFO_QM\bin\sqmservice.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\VMware\VMware Player\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Program Files\Proxy Networks\PROXY Pro Host\PhSession.exe C:\Program Files\Proxy Networks\PROXY Pro Host\PhTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WebEx\Productivity Tools\PTIM.exe C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WebEx\Productivity Tools\ptSrv.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Cisco\Desktop\bin\agent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\CCleaner\ccleaner.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\phaxayr\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loop/tiki/tiki-index.php?page=HomePage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidEM?cli...1=7&p2=tour O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" /mode2 O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="2" O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://calabrio.webex.com/client/upgradese...776/ieatgpc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Calabrio.ld O17 - HKLM\Software\..\Telephony: DomainName = Calabrio.ld O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Calabrio.ld O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Quality Management Desktop Recording Service (ciCqmRecord) - Calabrio Inc. - C:\Program Files\Calabrio\WFO_QM\bin\sqmservice.exe O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PROXY Pro Host Service (ProxyHostService) - Proxy Networks, Inc. - C:\Program Files\Proxy Networks\PROXY Pro Host\phsvc.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 16139 bytes Thank you very much for your help!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.