Jump to content

Recommended Posts

Hello,

First of all thanks for any help/advice you can provide me. I am on my Dell desktop and have been infected with xp antivirus 2010 about 5 consecutive times. I am up to date with the latest Malwarebytes and have done scans to remove it each time. It will appear to be alright for a couple of days, until the virus returns again. Here are the logs that you have requested and again, thanks for your time and help.

-Donna

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/2/2010 2:27:44 PM

mbam-log-2010-04-02 (14-27-44).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 163320

Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bandlady at 14:33:34.12 on Fri 04/02/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.385 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Bandlady\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

ark.zip

Attach.zip

Link to post
Share on other sites

Hello. :)

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent some tools from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

------------

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

Hi! Thanks so much for your prompt response. I disabled TeaTimer and here are the logs that you requested.

ComboFix 10-04-01.02 - Bandlady 04/02/2010 18:50:48.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.766 [GMT -4:00]

Running from: c:\documents and settings\Bandlady\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Bandlady\Local Settings\Application Data\{C9E9E8EE-7AA3-4586-9C26-6B96AA3FA099}

c:\documents and settings\Bandlady\Local Settings\Application Data\{C9E9E8EE-7AA3-4586-9C26-6B96AA3FA099}\chrome.manifest

c:\documents and settings\Bandlady\Local Settings\Application Data\{C9E9E8EE-7AA3-4586-9C26-6B96AA3FA099}\chrome\content\_cfg.js

c:\documents and settings\Bandlady\Local Settings\Application Data\{C9E9E8EE-7AA3-4586-9C26-6B96AA3FA099}\chrome\content\overlay.xul

c:\documents and settings\Bandlady\Local Settings\Application Data\{C9E9E8EE-7AA3-4586-9C26-6B96AA3FA099}\install.rdf

c:\windows\AppPatch\AcAdProc.dll

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\system32\curity~1

c:\windows\system32\drivers\fad.sys

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))

.

2010-04-02 22:13 . 2010-04-02 22:13 388096 ----a-r- c:\documents and settings\Bandlady\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-04-02 22:13 . 2010-04-02 22:13 -------- d-----w- c:\program files\TrendMicro

2010-03-31 15:18 . 2010-03-31 15:18 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-28 00:24 . 2010-03-28 00:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2010-03-28 00:24 . 2010-03-28 00:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2010-03-27 01:11 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-27 01:11 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-27 00:39 . 2010-03-27 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-03-11 13:18 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-02 22:30 . 2009-11-29 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-02 22:30 . 2009-06-02 17:05 -------- d-----w- c:\program files\AVG

2010-04-02 13:50 . 2010-02-25 15:19 0 ----a-w- c:\documents and settings\Bandlady\Local Settings\Application Data\prvlcl.dat

2010-04-01 02:26 . 2004-01-28 16:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-31 15:52 . 2004-07-14 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-31 15:21 . 2009-06-02 17:09 -------- d-----w- c:\program files\CCleaner

2010-03-31 15:18 . 2010-01-08 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-22 13:27 . 2004-01-28 16:57 -------- d-----w- c:\program files\Modem Helper

2010-01-29 12:57 . 2010-01-20 01:26 0 ----a-w- c:\windows\Mricahowil.bin

2010-01-29 12:57 . 2010-01-20 01:26 120 ----a-w- c:\windows\Gwudogisey.dat

2010-01-07 13:33 . 2009-06-30 13:03 38208 ----a-w- c:\documents and settings\Bandlady\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-06-02 16:59 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S3 VAPSpy;VAPSpy;\??\c:\program files\Common Files\WinSoftware\VAPSpy.SYS --> c:\program files\Common Files\WinSoftware\VAPSpy.SYS [?]

.

Contents of the 'Scheduled Tasks' folder

2004-02-04 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{6C8CFF52-5244-4E20-9804-72B3CC883E3B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?o=20011&l=dis

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: aol.com\free

FF - ProfilePath - c:\documents and settings\Bandlady\Application Data\Mozilla\Firefox\Profiles\og4r9c14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=

FF - plugin: c:\documents and settings\Bandlady\Application Data\Move Networks\plugins\npqmp071505000010.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

Notify-avgrsstarter - avgrsstx.dll

MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-02 18:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Dell AIO Printer A940\dlbabmon.exe

.

**************************************************************************

.

Completion time: 2010-04-02 19:02:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-02 23:02

Pre-Run: 99,973,595,136 bytes free

Post-Run: 100,523,356,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 5B74BE74CD86825F4BFFAC33461BAA8D

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 6:30:52 PM, on 4/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1990b1125eb627...ip/RdxIE601.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--

End of file - 6659 bytes

Link to post
Share on other sites

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\windows\Gwudogisey.dat

c:\windows\Mricahowil.bin

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Link to post
Share on other sites

ComboFix 10-04-01.02 - Bandlady 04/03/2010 15:22:44.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -4:00]

Running from: c:\documents and settings\Bandlady\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Bandlady\Desktop\cfscript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::

"c:\windows\Gwudogisey.dat"

"c:\windows\Mricahowil.bin"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Gwudogisey.dat

c:\windows\Mricahowil.bin

.

((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))

.

2010-04-03 03:26 . 2010-04-03 03:26 -------- d-----w- c:\program files\Avira

2010-04-02 22:13 . 2010-04-02 22:13 388096 ----a-r- c:\documents and settings\Bandlady\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-04-02 22:13 . 2010-04-02 22:13 -------- d-----w- c:\program files\TrendMicro

2010-03-31 15:18 . 2010-03-31 15:18 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-28 00:24 . 2010-03-28 00:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2010-03-28 00:24 . 2010-03-28 00:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2010-03-27 01:11 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-27 01:11 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-27 00:39 . 2010-03-27 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-03-11 13:18 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-02 22:30 . 2009-11-29 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-02 22:30 . 2009-06-02 17:05 -------- d-----w- c:\program files\AVG

2010-04-02 13:50 . 2010-02-25 15:19 0 ----a-w- c:\documents and settings\Bandlady\Local Settings\Application Data\prvlcl.dat

2010-04-01 02:26 . 2004-01-28 16:46 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-03-31 15:52 . 2004-07-14 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-31 15:21 . 2009-06-02 17:09 -------- d-----w- c:\program files\CCleaner

2010-03-31 15:18 . 2010-01-08 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-22 13:27 . 2004-01-28 16:57 -------- d-----w- c:\program files\Modem Helper

2010-01-07 13:33 . 2009-06-30 13:03 38208 ----a-w- c:\documents and settings\Bandlady\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-04-02_22.58.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2010-04-03 11:43 . 2010-04-03 11:43 16384 c:\windows\Temp\Perflib_Perfdata_108.dat

+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2010-04-03 03:25 . 2010-04-03 03:25 219648 c:\windows\Installer\f5afa5.msi

+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-06-02 16:59 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S3 VAPSpy;VAPSpy;\??\c:\program files\Common Files\WinSoftware\VAPSpy.SYS --> c:\program files\Common Files\WinSoftware\VAPSpy.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - avgio

*Deregistered* - avipbb

.

Contents of the 'Scheduled Tasks' folder

2004-02-04 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

2010-04-03 c:\windows\Tasks\User_Feed_Synchronization-{6C8CFF52-5244-4E20-9804-72B3CC883E3B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?o=20011&l=dis

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: aol.com\free

FF - ProfilePath - c:\documents and settings\Bandlady\Application Data\Mozilla\Firefox\Profiles\og4r9c14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=

FF - plugin: c:\documents and settings\Bandlady\Application Data\Move Networks\plugins\npqmp071505000010.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-03 15:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2010-04-03 15:28:46

ComboFix-quarantined-files.txt 2010-04-03 19:28

ComboFix2.txt 2010-04-02 23:02

Pre-Run: 100,473,290,752 bytes free

Post-Run: 100,431,396,864 bytes free

- - End Of File - - BE96AF85356ECD319E5F605D02332637

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 3:38:17 PM, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--

End of file - 6211 bytes

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/4/2010 2:25:28 PM

mbam-log-2010-04-04 (14-25-28).txt

Scan type: Quick scan

Objects scanned: 110105

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.