this is the attach .com file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2005 12:03:05 PM
System Uptime: 11/26/2010 2:28:46 AM (44 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel® Pentium® 4 CPU 2.93GHz | J2E1 | 2933/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 30.634 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.671 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP420: 8/30/2010 3:00:19 AM - Software Distribution Service 3.0
RP421: 8/31/2010 3:00:20 AM - Software Distribution Service 3.0
RP422: 9/1/2010 3:00:20 AM - Software Distribution Service 3.0
RP423: 9/2/2010 3:00:20 AM - Software Distribution Service 3.0
RP424: 9/3/2010 3:00:19 AM - Software Distribution Service 3.0
RP425: 9/4/2010 3:00:20 AM - Software Distribution Service 3.0
RP426: 9/5/2010 3:00:21 AM - Software Distribution Service 3.0
RP427: 9/6/2010 3:00:21 AM - Software Distribution Service 3.0
RP428: 9/7/2010 3:00:21 AM - Software Distribution Service 3.0
RP429: 9/8/2010 3:00:17 AM - Software Distribution Service 3.0
RP430: 9/9/2010 3:00:20 AM - Software Distribution Service 3.0
RP431: 9/10/2010 3:00:19 AM - Software Distribution Service 3.0
RP432: 9/11/2010 3:00:19 AM - Software Distribution Service 3.0
RP433: 9/12/2010 3:00:21 AM - Software Distribution Service 3.0
RP434: 9/13/2010 3:00:23 AM - Software Distribution Service 3.0
RP435: 9/14/2010 3:00:18 AM - Software Distribution Service 3.0
RP436: 9/15/2010 11:23:06 AM - System Checkpoint
RP437: 9/16/2010 5:23:06 PM - System Checkpoint
RP438: 9/18/2010 1:15:29 AM - System Checkpoint
RP439: 9/18/2010 3:00:19 AM - Software Distribution Service 3.0
RP440: 9/19/2010 3:00:22 AM - Software Distribution Service 3.0
RP441: 9/20/2010 3:00:20 AM - Software Distribution Service 3.0
RP442: 9/21/2010 3:00:21 AM - Software Distribution Service 3.0
RP443: 9/22/2010 3:00:22 AM - Software Distribution Service 3.0
RP444: 9/23/2010 3:00:20 AM - Software Distribution Service 3.0
RP445: 9/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP446: 9/25/2010 3:00:21 AM - Software Distribution Service 3.0
RP447: 9/26/2010 1:01:05 PM - System Checkpoint
RP448: 9/27/2010 5:12:28 PM - System Checkpoint
RP449: 9/28/2010 11:13:33 PM - System Checkpoint
RP450: 9/30/2010 8:12:33 AM - System Checkpoint
RP451: 10/1/2010 5:38:41 PM - System Checkpoint
RP452: 10/2/2010 11:38:40 PM - System Checkpoint
RP453: 10/4/2010 9:30:51 AM - System Checkpoint
RP454: 10/5/2010 11:38:40 AM - System Checkpoint
RP455: 10/6/2010 9:24:22 AM - Avg8 Update
RP456: 10/7/2010 9:25:40 PM - Software Distribution Service 3.0
RP457: 10/8/2010 9:07:26 PM - Software Distribution Service 3.0
RP458: 10/9/2010 3:00:23 AM - Software Distribution Service 3.0
RP459: 10/10/2010 3:00:18 AM - Software Distribution Service 3.0
RP460: 10/11/2010 3:00:20 AM - Software Distribution Service 3.0
RP461: 10/12/2010 3:00:22 AM - Software Distribution Service 3.0
RP462: 10/13/2010 9:15:57 AM - System Checkpoint
RP463: 10/14/2010 3:15:57 PM - System Checkpoint
RP464: 10/15/2010 9:15:57 PM - System Checkpoint
RP465: 10/17/2010 6:40:19 PM - System Checkpoint
RP466: 10/18/2010 3:00:21 AM - Software Distribution Service 3.0
RP467: 10/19/2010 3:00:21 AM - Software Distribution Service 3.0
RP468: 10/20/2010 8:24:26 AM - System Checkpoint
RP469: 10/21/2010 11:04:29 AM - System Checkpoint
RP470: 10/22/2010 5:04:29 PM - System Checkpoint
RP471: 10/23/2010 3:00:21 AM - Software Distribution Service 3.0
RP472: 10/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP473: 10/25/2010 3:00:19 AM - Software Distribution Service 3.0
RP474: 10/26/2010 3:00:18 AM - Software Distribution Service 3.0
RP475: 10/27/2010 3:00:27 AM - Software Distribution Service 3.0
RP476: 10/28/2010 12:50:29 PM - System Checkpoint
RP477: 10/29/2010 6:40:55 PM - System Checkpoint
RP478: 10/30/2010 10:35:03 PM - System Checkpoint
RP479: 11/1/2010 8:04:53 PM - System Checkpoint
RP480: 11/3/2010 8:23:51 AM - System Checkpoint
RP481: 11/4/2010 6:22:14 PM - System Checkpoint
RP482: 11/6/2010 12:00:07 AM - System Checkpoint
RP483: 11/6/2010 11:19:36 PM - System Checkpoint
RP484: 11/9/2010 3:49:24 PM - System Checkpoint
RP485: 11/11/2010 12:59:41 PM - System Checkpoint
RP486: 11/12/2010 3:00:18 AM - Software Distribution Service 3.0
RP487: 11/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP488: 11/14/2010 3:00:18 AM - Software Distribution Service 3.0
RP489: 11/15/2010 3:00:32 AM - Software Distribution Service 3.0
RP490: 11/16/2010 3:00:17 AM - Software Distribution Service 3.0
RP491: 11/17/2010 3:00:16 AM - Software Distribution Service 3.0
RP492: 11/18/2010 3:00:16 AM - Software Distribution Service 3.0
RP493: 11/19/2010 3:00:17 AM - Software Distribution Service 3.0
RP494: 11/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP495: 11/21/2010 3:00:24 AM - Software Distribution Service 3.0
RP496: 11/22/2010 3:00:18 AM - Software Distribution Service 3.0
RP497: 11/23/2010 3:00:18 AM - Software Distribution Service 3.0
RP498: 11/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP499: 11/25/2010 3:00:18 AM - Software Distribution Service 3.0
RP500: 11/26/2010 3:00:26 AM - Software Distribution Service 3.0
RP501: 11/27/2010 3:00:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 9.0 Sprint
Adobe Acrobat 4.0
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Software Suite
AVG Free 8.5
Best Buy Digital Music Store
Big Fish Games Client
BigFix
Birth of Jesus Activity Center
BlackBerry Desktop Software 4.7
Candy Land - Dora the Explorer Edition
CardRd81
Cars - Radiator Springs Adventures
CCScore
CDDRV_Installer
CR2
David and Goliath
Diego`s Dinosaur Adventure
DIGOpt
DIGReqEx
Diner Dash 2
Document Express DjVu Plug-in
Download Accelerator Plus (DAP)
DrawPlus 3.0
Dynex mini card reader
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON NX300 Series Printer Uninstall
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FMR
Free Registry Defrag
Google Toolbar for Internet Explorer
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
i2i-Systems Remote Install
InCD EasyWrite Reader
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
Java Auto Updater
Java 6 Update 17
Jump Jump Jelly Reactor
JumpStart Parent Resource Center v1.0
KhalInstallWrapper
Kodak EasyShare software
La Casa De Dora
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
MathPlayer
McAfee Security Scan Plus
McDonald's CBT Training
Microsoft .NET Framework 2.0
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Moses in Egypt
Motorola Driver Installation
Motorola USB Drivers
Mozilla Firefox (3.5.3)
MSN
MSN Encarta Plus Support Files
MSN Messenger 6.1
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTP Porting Kit
Nero BurnRights
Nero OEM
netbrdg
Noah's Ark Activity Center
OfotoXMI
Photo Organizer
PowerDVD
PrintMaster
Purrfect Pet Shop
Quicken 2006
QuickLink Mobile
RealPlayer Basic
Realtek High Definition Audio Driver
Rhapsody Player Engine
Sansa Updater
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SFR2
SHASTA
Shockwave
skin0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
Spellagories
SpongeBob SquarePants Diner Dash 2
staticcr
Unity Web Player
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
VC 9.0 Runtime
Viewpoint Media Player
VPRINTOL
VZAccess Manager for RIM
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 9 Series Power Toy - Ratings Migration
Windows Media Player 9 Series TweakMP PowerToy
Windows XP Service Pack 3
WIRELESS
Wonder Pets Save the Puppy
Works Upgrade
Yahoo! Messenger
Yahoo! Software Update
ZoneAlarm

==== Event Viewer Messages From Past Week ========

11/26/2010 2:32:09 AM, error: Service Control Manager [7034] - The EPSON V3 Service2(03) service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 5:57:48 PM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 001111CE727C has been denied by the DHCP server 68.114.38.200 (The DHCP Server sent a DHCPNACK message).
11/20/2010 9:29:26 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/20/2010 7:29:46 PM, error: Dhcp [1002] - The IP address lease 97.89.79.173 for the Network Card with network address 001111CE727C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/20/2010 7:01:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
==== End Of File ===========================

this is the dds file

DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 22:07:06.82 on Sat 11/27/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.372 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\vz.exe
C:\WINDOWS\System32\mshta.exe
c:\75d1b40c22b13c16bad209beccbe\dotnetfx35setup.exe
c:\8f85bacb13d746d05c8c0b266199e1c4\setup.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
c:\c930d10db04b2c2fff65\dotnetfx35setup.exe
c:\be59eab6ddf50f1ccaaf2cdd788372\setup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://www.google.com/
uSearch Page =
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRunOnce: [OOBEDDDemise] cmd /x /c erase c:\windows\system32\oobe\msoobe.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_S3B8.tmp" /EF "HKCU"
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/shared/COMCTL32/6,0,80,22/ComCtl32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {845C260B-A44B-49A3-86A6-71430B3000A0} - hxxps://www.mytelevox.com/mytestresults/cabs/TeleVoxAudioPlayer.CAB
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v46/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v64/swapit/swapit.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2388128&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2388128&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
FF - Extension: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
FF - Extension: Free Game Bar Toolbar: {6f094b04-2c69-4ff3-ac74-d9716e97e296} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: AVG Security Toolbar em:version=3.011.025.005 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-11 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-11 297752]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-3-12 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-3-12 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-3-12 22528]

=============== File Associations ===============

.exe=sezfile

=============== Created Last 30 ================

2010-11-27 08:00:37 -------- d-----w- C:\be59eab6ddf50f1ccaaf2cdd788372
2010-11-27 08:00:29 -------- d-----w- C:\c930d10db04b2c2fff65
2010-11-26 08:00:47 -------- d-----w- C:\8f85bacb13d746d05c8c0b266199e1c4
2010-11-26 08:00:41 -------- d-----w- C:\75d1b40c22b13c16bad209beccbe
2010-11-26 07:26:33 315904 --sha-w- c:\docume~1\owner\locals~1\applic~1\vz.exe
2010-11-25 08:00:43 -------- d-----w- C:\9d5125660aec31cafa39e8278c81
2010-11-25 08:00:36 -------- d-----w- C:\5ca2518aee380fb630a8a45e72
2010-11-25 00:05:01 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
2010-11-25 00:05:00 -------- d-----w- c:\program files\common files\ABBYY
2010-11-25 00:05:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\ABBYY
2010-11-25 00:02:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\UDL
2010-11-25 00:01:50 -------- d-----w- c:\program files\Epson Software
2010-11-24 23:11:13 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2010-11-24 23:11:13 108704 ----a-w- c:\windows\system32\PICEntry.dll
2010-11-24 23:10:45 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
2010-11-24 23:10:45 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
2010-11-24 23:10:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-11-24 23:10:12 71680 ----a-w- c:\windows\system32\escwiad.dll
2010-11-24 08:00:41 -------- d-----w- C:\4f28a7ce4c85619457945998c95a4aa5
2010-11-24 08:00:33 -------- d-----w- C:\a266a15441344b8823017c
2010-11-23 08:00:44 -------- d-----w- C:\effa9a398b3b79fe52d7c71a22fe4640
2010-11-23 08:00:36 -------- d-----w- C:\e896e140a01c6276c3
2010-11-22 08:00:42 -------- d-----w- C:\5e60e4d9eadb8b9e91a3f8ae3621cc
2010-11-22 08:00:33 -------- d-----w- C:\e75a7ca70b89985feec7e3c49d4b5722
2010-11-21 08:00:47 -------- d-----w- C:\caf870a7a64642fcc78400
2010-11-21 08:00:41 -------- d-----w- C:\e706f9502496e951443e779da127c7f4
2010-11-20 08:00:44 -------- d-----w- C:\42eab3be3dd62b9baedbeb
2010-11-20 08:00:35 -------- d-----w- C:\0f9bd1f79a7422e1ed92fb7245a38859
2010-11-19 08:00:46 -------- d-----w- C:\38090dd04a85f89818
2010-11-19 08:00:38 -------- d-----w- C:\5afa556a7ca24f9d24a624
2010-11-18 15:24:58 252256 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{824bdb0b-1d3f-43d7-bf20-4fc726e0d112}\Icon_DjVuViewer.exe
2010-11-18 15:24:57 1680272 ----a-w- c:\program files\mozilla firefox\plugins\npdjvu.dll
2010-11-18 15:24:55 -------- d-----w- c:\program files\Caminova
2010-11-18 08:00:45 -------- d-----w- C:\5813bd383b53a9ee96
2010-11-18 08:00:38 -------- d-----w- C:\c9f1d6a25fa76fcf8454
2010-11-17 08:00:38 -------- d-----w- C:\22953a44a14017ec64c54f
2010-11-17 08:00:31 -------- d-----w- C:\b5035130cbf343710aa9d5b122e1
2010-11-16 08:00:40 -------- d-----w- C:\a433b98b53cf156aa4fd867c78
2010-11-16 08:00:32 -------- d-----w- C:\b0995b94f7360c8315
2010-11-15 08:00:49 -------- d-----w- C:\35cd89434fdecd18c9ec70006471
2010-11-15 08:00:41 -------- d-----w- C:\db4bf181cde4a54492c35930
2010-11-14 08:00:43 -------- d-----w- C:\b7c7ddd57beb7314ddd6f0c72d5bc539
2010-11-14 08:00:35 -------- d-----w- C:\a61f585be6f2d558959eba3b836c3b
2010-11-13 08:00:44 -------- d-----w- C:\7072a2f8dfd2753237
2010-11-13 08:00:37 -------- d-----w- C:\8f760064c77831825a4b0a2b67af7a36
2010-11-12 08:00:44 -------- d-----w- C:\ca9cd79162083e338bed8c
2010-11-12 08:00:37 -------- d-----w- C:\fdda769229efb9d6d39c8e081f68

==================== Find3M ====================

2010-10-07 01:42:00 2256 ----a-w- c:\docume~1\owner\applic~1\444.bat
2010-10-07 01:42:00 157 ----a-w- c:\docume~1\owner\applic~1\asdsada.bat

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS722580VLSA80 rev.V32OA6MA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A096D01]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x894f685b; SUB DWORD [EBP-0x4], 0x894f612e; PUSH EDI; CALL 0xffffffffffffe0f7; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A08E030]
3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008a[0x8A0909E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A150D98]
[0x8A03A5E8] -> IRP_MJ_CREATE -> 0x8A096D01
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskHDS722580VLSA80_________________________V32OA6MA#5&21f8ef21&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A096AEA
user & kernel MBR OK
sectors 160836478 (+195): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 22:08:36.42 ===============