I have this virus on my computer.

I was running Avast Home Free edition at the time but of course it has been disengaged.

I am on my laptop now as I can't get windows to load. I run XP Home and every time I reboot it keeps taking me to the DOS screen and I am forced to enter in Safe Mode.

Even in Safe Mode with networking, I cannot access the internet.

I have located the main file in program files and deleted it permanently.

I found this (c:\WINDOWS\system32\41.exe) to be the only other item associated with the virus according to bleebmycomputer.

I can't delete "41" because it says that another person or program is currently using it.

Would it be helpful to load malwarebytes on a flash drive and install on my desktop (if so, how the heck would I do that?).

I think that once I am able to access the internet again I will be able to fix the rest, but until then I am stumped.

BTW, I'm not extremely computer smart so try to dumb it down if you can.

Thanks for any help. My fellow slickdealers have highly recommended this program and I will definitely get the lifetime version if I can ever get my computer to work again.

EDIT: I HAVE DELETED THE LAST KNOWN FILE ASSOCIATED WITH THIS VIRUS AND WAS ABLE TO RUN SOME TESTS BY LOADING CCD AND ROOTKIT TO MY FLASH DRIVE AND THEN BURNING IT TO CD ON MY INFECTED COMPUTER.

I'M EXHAUSTED AND GOING TO BED BUT LET ME KNOW IF ANYONE SEES ANYTHING THAT CAN HELP. THANKS.

HERE'S WHAT I GOT:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 7/18/2004 6:40:26 PM

System Uptime: 2/14/2010 12:01:37 AM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut

Processor: AMD Athlon XP 3000+ | Socket A | 2099/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 123.672 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.691 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1611: 12/27/2009 11:14:03 PM - System Checkpoint

RP1612: 12/29/2009 12:01:21 AM - System Checkpoint

RP1613: 12/30/2009 12:39:17 AM - System Checkpoint

RP1614: 12/31/2009 12:47:51 AM - System Checkpoint

==== Installed Programs ======================

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Reader 8.1.4

Adobe Shockwave Player

Agere Systems PCI Soft Modem

Amazon Unbox Video

AudibleManager

BitTorrent 3.4.2

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window MC 5 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

CCleaner

Combined Community Codec Pack 2009-09-09

Compaq Connections

Compaq Instant Support

dcmsvc 1.0

Driver Detective

Enhanced Multimedia Keyboard Solution

ESPN RunTime

Facebook Plug-In

Google Talk Plugin

Google Toolbar for Internet Explorer

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

hp deskjet 3600

HP Driver Diagnostics

hp instant support

hp officejet 6100 series

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp officejet 6100 series

hp print screen utility

HP Update

HpSdpAppCoreApp

J2SE Runtime Environment 5.0 Update 11

Java 6 Update 11

Java 6 Update 3

Java 6 Update 7

LiveUpdate 3.0 (Symantec Corporation)

Logitech Desktop Messenger

Logitech Harmony Remote Software 7

Macromedia Flash Player

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Move Networks Media Player for Internet Explorer

MovieEdit Task

Mozilla Firefox (3.5.7)

MSN

MSN Toolbar

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

My DSC

overland

PhotoStitch

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

RAW Image Task 2.1

RealPlayer

RecordNow!

RelevantKnowledge

Remote Control USB Driver

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

S3GSetup

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Sonic Update Manager

SoulSeek Client 156c

Sportsbook.com

Symantec KB-DocID:2003093015493306

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VIA Rhine-Family Fast Ethernet Adapter

VIA/S3G Display Driver

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Viewpoint Toolbar

Warner Bros. Digital Copy Manager

WebFldrs XP

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Search Protection

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/14/2010 12:35:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

2/13/2010 8:33:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

2/13/2010 7:37:50 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The specified driver is invalid.

2/13/2010 7:37:50 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The specified driver is invalid.

2/13/2010 7:36:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 eeCtrl Fips

2/13/2010 7:36:58 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.

2/13/2010 7:36:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2010 7:36:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2010 7:35:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/13/2010 7:11:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2/13/2010 6:27:07 PM, error: Service Control Manager [7001] - The QoS RSVP service depends on the AFD Networking Support Environment service which failed to start because of the following error: The specified driver is invalid.

2/13/2010 6:02:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

2/13/2010 6:00:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK7 aswSP aswTdi eeCtrl Fips

2/13/2010 5:52:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK7 aswSP aswTdi eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

2/13/2010 5:52:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2010 5:52:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2010 5:52:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2010 5:51:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

2/13/2010 5:48:45 PM, error: Service Control Manager [7000] - The hpdj service failed to start due to the following error: The system cannot find the file specified.

2/13/2010 5:37:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.

2/13/2010 5:37:20 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

AND HERE IS THE OTHER:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Owner at 1:30:22.89 on Sun 02/14/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1239 [GMT -6:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

K:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.slickdeals.net/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=localhost:1439

uInternet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;forums.slickdeals.net;magsforless.com;msa_e1.ebay.com;rhapsody_app*.listen.com;walmart.com;www.yahoo.com;localhost;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

mWinlogon: Userinit=c:\windows\system32\winlogon32.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll

TB: AdSubtract Toolbar: {f14aabdd-0232-4e5a-9b52-4178ac0a62b5} - c:\windows\system32\adsubtb.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [smss32.exe] c:\windows\system32\smss32.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [smss32.exe] c:\windows\system32\smss32.exe

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [VTTimer] VTTimer.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LimeShop] c:\program files\limeshop\limeshoprun.exe /cp:p "c:\program files\limeshop\system\code" main lp: "c:\program files\LimeShop"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [DIGStream] c:\program files\digstream\digstream.exe

mRun: [DIGServices] c:\program files\espnruntime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adsubt~1.lnk - c:\AdSub.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\warner~1.lnk - c:\documents and settings\owner\my documents\my videos\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\j2live~1.lnk - c:\program files\j2 messenger plus 3.3\J2GDllCmd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\j2tray~1.lnk - c:\program files\j2 messenger plus 3.3\J2GTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe

uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

Trusted Zone: cnn.com\www

Trusted Zone: is-software-download.com

Trusted Zone: is-software-download25.com

Trusted Zone: is10-soft-download.com

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab

DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 85.255.112.99,85.255.112.228

TCP: {21F99EDF-818D-4FE7-BE6D-E362A755ADC9} = 85.255.112.99,85.255.112.228

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\p1syvff8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.slickdeals.net/

FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\p1syvff8.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-27 1251720]

=============== Created Last 30 ================

2010-02-14 07:08:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-14 07:07:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 07:07:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-14 07:07:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-14 02:54:22 0 d-----w- c:\windows\LastGood.Tmp

2010-02-14 01:48:38 0 ----a-w- c:\windows\system32\IS15.exe

2010-02-13 23:43:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-02-13 23:29:39 0 ----a-w- c:\windows\system32\32391.exe

2010-02-13 23:09:39 0 ----a-w- c:\windows\system32\5436.exe

2010-02-13 22:49:39 0 ----a-w- c:\windows\system32\4827.exe

2010-02-13 22:29:38 0 ----a-w- c:\windows\system32\11942.exe

2010-02-13 22:09:38 0 ----a-w- c:\windows\system32\2995.exe

2010-02-13 21:49:38 0 ----a-w- c:\windows\system32\491.exe

2010-02-13 21:29:37 0 ----a-w- c:\windows\system32\9961.exe

2010-02-13 21:09:36 0 ----a-w- c:\windows\system32\16827.exe

2010-02-13 20:49:36 0 ----a-w- c:\windows\system32\23281.exe

2010-02-13 20:29:36 0 ----a-w- c:\windows\system32\28145.exe

2010-02-13 20:09:35 0 ----a-w- c:\windows\system32\5705.exe

2010-02-13 19:49:35 0 ----a-w- c:\windows\system32\24464.exe

2010-02-13 19:29:35 0 ----a-w- c:\windows\system32\26962.exe

2010-02-13 19:09:34 0 ----a-w- c:\windows\system32\29358.exe

2010-02-13 18:49:34 0 ----a-w- c:\windows\system32\11478.exe

2010-02-13 18:29:34 0 ----a-w- c:\windows\system32\15724.exe

2010-02-13 18:09:33 0 ----a-w- c:\windows\system32\19169.exe

2010-02-13 17:49:33 0 ----a-w- c:\windows\system32\26500.exe

2010-02-13 17:29:32 0 ----a-w- c:\windows\system32\6334.exe

2010-02-13 17:09:32 0 ----a-w- c:\windows\system32\18467.exe

2010-02-13 16:49:21 0 ----a-w- c:\windows\system32\helper32.dll

2010-02-13 16:49:06 3310 ----a-w- c:\windows\system32\warning.html

2010-02-13 16:49:05 40960 ----a-w- c:\windows\system32\winlogon32.exe

2010-02-13 16:49:05 40960 ----a-w- c:\windows\system32\smss32.exe

2010-02-13 16:49:03 40960 ----a-w- C:\U.exe

2010-02-10 19:49:34 0 d-----w- c:\program files\JL_Cmder

2010-02-09 21:29:25 0 d-----w- c:\docume~1\owner\applic~1\Facebook

==================== Find3M ====================

2010-02-13 23:59:00 276992 ----a-w- c:\windows\system32\drivers\afd.sys

2005-12-18 05:42:09 327680 ----a-w- c:\program files\WebInstaller.exe

2005-09-22 01:30:40 78830 ----a-w- c:\program files\nuvspittinjury.JPG

2005-09-10 21:43:46 34211008 ----a-w- c:\program files\iTunesSetup.exe

2005-08-25 06:55:40 361544078 ----a-w- c:\program files\GTA2INSTALLER.ZIP

2005-08-12 01:22:06 10958640 ----a-w- c:\program files\GoogleEarth.exe

2005-07-13 01:08:38 61952 ----a-w- c:\program files\Hansen_Conv_Approval_Letter.DOC

2005-05-28 22:10:12 2130 ----a-w- c:\program files\file.txt

2009-07-26 00:47:04 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-10-12 16:18:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101220081013\index.dat

============= FINISH: 1:30:32.96 ===============

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
