
searchmagnified.com pop-ups, OS bad behavior



I am getting searchmagnified.com pop-ups and pop-unders when using Chrome browser v5.0.375.38 on Windows XP Professional v2002 SP3.

Also getting an "alert: system battery voltage low" warning during boot; it did not start until the searchmagnified.com pop-ups started to appear.

It took multiple attempts to get the GMER log; the computer would crash, and at one point it needed two restarts before a successful reboot.

DDS and MBAM logs below. The other two logs are attached.

Thanks in advance for your help, I have upgraded to MBAM Pro.

==================================================

DDS (Ver_10-03-17.01) - NTFSx86

Run by sangredecomputador at 19:29:31.25 on Thu 05/13/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1009 [GMT -4:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Perl\bin\perl.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

C:\WINDOWS\system32\hpzipm12.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\sangredecomputador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll

BHO: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

uRun: [Google Update] "c:\documents and settings\sangredecomputador\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe

mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\sangredecomputador~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &D&ownload &with BitComet

IE: &D&ownload all video with BitComet

IE: &D&ownload all with BitComet

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {3253344D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab

DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c7/v15.585/qboax9.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v18.166/qboax10.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/c1/v14.222/qboax8.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll

STS: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sangredecomputador~1\applic~1\mozilla\firefox\profiles\14kf7vs5.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.5.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.6.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\sangredecomputador\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\sangredecomputador\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPPxDDUpldCS.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPPxUpld.dll

FF - plugin: c:\program files\opera\program\plugins\npjpi160_15.dll

FF - plugin: c:\program files\opera\program\plugins\npoji610.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-3 28552]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-25 145504]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-12 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-12 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-12 204632]

R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronservice.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?]

R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-3-19 6858496]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\sqlservr.exe [2009-3-30 43010392]

R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-12-16 265728]

R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-12 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-4-7 67800]

R3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-12 86232]

S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]

S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-12-23 20096]

S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\smartpenbus.sys --> c:\windows\system32\drivers\SmartpenBus.sys [?]

S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\smartpencom.sys --> c:\windows\system32\drivers\SmartpenCom.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-05-13 01:45:26 334 ----a-w- c:\windows\system32\CountBlockedByFirewall.XML

2010-05-12 17:56:03 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-05-12 17:54:19 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-05-12 17:52:06 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-05-12 17:52:06 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-05-12 17:52:03 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-05-12 16:13:28 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Desktop Search

2010-05-12 16:07:21 0 d-----w- c:\windows\system32\GroupPolicy

2010-05-12 16:07:21 0 d-----w- c:\program files\Windows Desktop Search

2010-05-12 16:06:12 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2010-05-12 16:06:12 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2010-05-12 16:06:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2010-04-30 16:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe

2010-04-25 20:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll

2010-04-22 12:30:16 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-16 20:47:38 3252 ----a-w- c:\windows\system32\wbem\Outlook_01cadda60c9d79b3.mof

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-27 01:19:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2010-03-20 18:19:24 83056 ---ha-w- c:\windows\system32\mlfcache.dat

2010-03-19 15:05:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2008-09-05 18:51:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 19:31:03.87 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4120

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/20/2010 9:59:39 AM

mbam-log-2010-05-20 (09-59-39).txt

Scan type: Quick scan

Objects scanned: 141360

Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here's DDS Attach.txt, I will post new GMER asap.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/14/2006 3:20:22 PM

System Uptime: 5/13/2010 8:37:25 AM (11 hours ago)

Motherboard: Dell Inc. | | 0CJ774

Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 92.266 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

G: is Removable

H: is Removable

I: is Removable

J: is NetworkDisk (NTFS) - 1024 GiB total, 1024 GiB free.

K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}

Description: hp LaserJet 3380 (DOT4USB)

Device ID: USB\VID_03F0&PID_1917\00CNBM160600

Manufacturer: Hewlett-Packard

Name: hp LaserJet 3380 (DOT4USB)

PNP Device ID: USB\VID_03F0&PID_1917\00CNBM160600

Service:

==== System Restore Points ===================

RP72: 2/13/2010 4:47:09 PM - System Checkpoint

RP73: 2/23/2010 12:18:56 PM - System Checkpoint

RP74: 2/24/2010 10:06:04 AM - Software Distribution Service 3.0

RP75: 2/25/2010 2:41:30 PM - System Checkpoint

RP76: 2/26/2010 4:17:17 PM - System Checkpoint

RP77: 3/1/2010 3:56:13 PM - System Checkpoint

RP78: 3/2/2010 4:34:42 PM - System Checkpoint

RP79: 3/4/2010 10:50:46 AM - System Checkpoint

RP80: 3/5/2010 5:24:37 PM - System Checkpoint

RP81: 3/7/2010 5:26:13 PM - System Checkpoint

RP82: 3/10/2010 8:46:11 PM - Software Distribution Service 3.0

RP83: 3/17/2010 7:21:22 AM - Software Distribution Service 3.0

RP84: 3/18/2010 1:31:47 PM - System Checkpoint

RP85: 3/19/2010 11:00:16 AM - Installed Safari

RP86: 3/19/2010 11:13:50 AM - Removed Skype


This was with nothing checked but sections.

Drives/C: was NOT checked.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-22 16:21:48

Windows 5.1.2600 Service Pack 3

Running: 9l9wjf8d.exe; Driver: C:\DOCUME~1\sangredecomputador~1\LOCALS~1\Temp\fxlyruog.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1752] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

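The GMER "User code sections" line above and the DDS BHO/TB entries in the first post are the two log formats a helper in this thread reads by eye: the GMER line says which API is detoured, in which process, and which module (if any) the jump lands in; the DDS entries list COM objects Internet Explorer loads and whether their DLL still exists. The following is an added example, not part of the thread and not code from the DDS or GMER tools: a small Python triage parser for those two line formats. The path heuristic (which directories count as scratch space) and the last sample line (a constructed explorer.exe hook with no backing module) are this example's own assumptions; the other sample lines are copied from the logs posted above.

```python
"""Triage for DDS "Pseudo HJT" BHO/TB/EB lines and GMER user-mode hook lines.

Added example: the regexes describe the line shapes seen in the posts above;
the severity heuristics are this example's own, not GMER's or DDS's.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass
class Finding:
    source: str    # "gmer" or "dds"
    severity: str  # "info" | "review" | "suspicious"
    subject: str   # hooked API, or COM object kind/name/CLSID
    detail: str


# .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<path> (<file>/<vendor>)]
GMER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+(?P<kind>JMP|CALL|PUSH|RET)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<path>.+?)\s+\((?P<file>[^/)]+)/(?P<vendor>[^)]*)\))?\s*$"
)

# BHO: <name>: {<clsid>} - <path>   or   BHO: {<clsid>} - No File
DDS_COM_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB):\s+(?:(?P<name>.*?):\s+)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+-\s+(?P<path>.+)$"
)

# Assumption of this example: a module loaded from one of these is worth a closer look.
UNTRUSTED_DIR_MARKERS = ("\\temp\\", "\\recycler\\", "\\system volume information\\")


def _path_is_untrusted(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in UNTRUSTED_DIR_MARKERS)


def triage_gmer_hook(line: str) -> Optional[Finding]:
    """Classify one GMER inline-hook line; None if the line is not a hook."""
    m = GMER_HOOK_RE.match(line.strip())
    if not m:
        return None
    api = f"{m['module']}!{m['export']}"
    where = f"in {m['image']} (pid {m['pid']})"
    if m["path"] is None:
        # Detour lands in memory not backed by any file: injected or unpacked code.
        return Finding("gmer", "suspicious", api,
                       f"{m['kind']} to {m['target']} {where} with no backing module")
    if _path_is_untrusted(m["path"]):
        return Finding("gmer", "suspicious", api,
                       f"hooked {where} by {m['path']} loaded from a scratch directory")
    if not m["vendor"].strip():
        return Finding("gmer", "review", api,
                       f"hooked {where} by {m['path']} with no company name in its version info")
    # The vendor string is version-info text, not a signature; it only lowers priority.
    return Finding("gmer", "info", api, f"hooked {where} by {m['path']} ({m['vendor']})")


def triage_dds_com(line: str) -> Optional[Finding]:
    """Classify one DDS BHO/TB/EB line; None if the line is not one."""
    m = DDS_COM_RE.match(line.strip())
    if not m:
        return None
    subject = f"{m['kind']} {m['name'] or '(unnamed)'} {{{m['clsid']}}}"
    path = m["path"].strip()
    if path.lower() == "no file":
        # Registration survives but the DLL is gone: an uninstall leftover, safe to remove.
        return Finding("dds", "review", subject, "registered COM object whose DLL is missing")
    if _path_is_untrusted(path):
        return Finding("dds", "suspicious", subject, f"loads from {path}")
    return Finding("dds", "info", subject, f"loads from {path}")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both parsers over a log; unrecognised lines are ignored."""
    findings = []
    for line in lines:
        f = triage_gmer_hook(line) or triage_dds_com(line)
        if f is not None:
            findings.append(f)
    return findings


# Sample input: lines 1-4 are copied from the logs above; line 5 is constructed.
SAMPLE_LOG = r"""
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
.text C:\WINDOWS\system32\SearchIndexer.exe[1752] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\explorer.exe[1234] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00A21F40
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.severity:<10} {f.subject}: {f.detail}")
```

Run over the five sample lines, the two "No File" registrations come out as review items, the WriteFile hook by the Windows Search DLL as informational, and only the constructed hook with no backing module as suspicious, which matches how the GMER line above was read in the thread: a Microsoft module hooking WriteFile inside SearchIndexer.exe is not itself evidence of the pop-up problem.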

Hi,

Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Combofix.txt and a new dds.txt:

ComboFix 10-05-25.02 - sangredecomputador 05/25/2010 18:10:26.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1343 [GMT -4:00]

Running from: c:\documents and settings\sangredecomputador\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

.

The following files were disabled during the run:

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\sangredecomputador\g2mdlhlpx.exe

c:\windows\system32\VB40032.DLL

.

((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))

.

2010-05-25 03:09 . 2010-05-25 03:09 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1

2010-05-25 03:09 . 2010-05-25 03:09 -------- d-----w- c:\program files\ComcastAccess

2010-05-25 03:08 . 2010-05-25 03:08 144162 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Move Networks\uninstall.exe

2010-05-25 03:08 . 2010-05-25 03:08 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Move Networks

2010-05-25 03:08 . 2010-05-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\com.comcast.access

2010-05-25 03:08 . 2010-05-25 03:09 -------- d-----w- c:\documents and settings\sangredecomputador\Local Settings\Application Data\ComcastAccess

2010-05-25 02:56 . 2010-03-23 13:54 3371 ----a-w- C:\acddiag.cmd

2010-05-25 00:35 . 2010-05-25 00:35 -------- d-----w- C:\HPFixScan

2010-05-24 19:19 . 2010-05-24 19:19 503808 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\msvcp71.dll

2010-05-24 19:19 . 2010-05-24 19:19 499712 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\jmc.dll

2010-05-24 19:19 . 2010-05-24 19:19 348160 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\msvcr71.dll

2010-05-24 19:19 . 2010-05-24 19:19 61440 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-260f4a29-n\decora-sse.dll

2010-05-24 19:19 . 2010-05-24 19:19 12800 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-260f4a29-n\decora-d3d.dll

2010-05-21 21:01 . 2010-05-21 21:01 -------- d-----w- C:\mech-turk-tools-1.3.0

2010-05-21 17:14 . 2005-05-27 18:15 65536 ----a-w- c:\windows\system32\d4channel.dll

2010-05-21 17:14 . 2003-07-02 18:15 61440 ----a-w- c:\windows\system32\PMLJNI.dll

2010-05-21 17:14 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll

2010-05-21 17:14 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll

2010-05-21 17:14 . 2010-05-21 17:14 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-05-21 17:12 . 2010-05-21 17:12 13451 ----a-w- c:\windows\hpbins01.dat

2010-05-21 17:12 . 2005-03-30 15:22 1380 ------w- c:\windows\hpbmdl01.dat

2010-05-21 17:10 . 2010-05-21 17:10 -------- d-----w- c:\program files\Common Files\SWF Studio

2010-05-18 20:48 . 2010-05-18 20:48 -------- d-----w- c:\program files\iPod

2010-05-18 20:34 . 2010-05-18 20:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Windows Search

2010-05-12 17:56 . 2010-01-04 10:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-05-12 17:54 . 2010-01-04 10:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-05-12 17:52 . 2010-04-28 19:12 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-05-12 17:52 . 2010-04-28 19:12 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-05-12 17:52 . 2010-04-28 19:12 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-05-12 17:49 . 2010-05-12 17:49 16938616 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\AntiMalware\Downloads\SBVIPRE_FW_EN.4.0.3282.exe

2010-05-12 16:13 . 2010-05-12 16:13 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Windows Desktop Search

2010-05-12 16:07 . 2010-05-12 18:05 -------- d-----w- c:\program files\Windows Desktop Search

2010-05-12 16:07 . 2010-05-12 16:07 -------- d-----w- c:\windows\system32\GroupPolicy

2010-05-12 16:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2010-05-12 16:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2010-05-12 16:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2010-04-30 16:31 . 2010-04-30 16:31 27984 ----a-w- c:\windows\system32\sbbd.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-25 22:01 . 2008-03-13 16:39 -------- d-----w- c:\program files\foobar2000

2010-05-25 21:23 . 2008-03-13 16:39 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\foobar2000

2010-05-25 03:08 . 2009-12-18 03:27 5603776 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Move Networks\plugins\npqmp071706000001.dll

2010-05-25 00:15 . 2006-04-17 00:26 -------- d--h--w- c:\program files\Zero G Registry

2010-05-25 00:14 . 2006-04-17 00:26 -------- d-----w- c:\program files\Hewlett-Packard

2010-05-25 00:10 . 2006-04-18 18:20 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Skype

2010-05-21 17:28 . 2006-04-17 00:41 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\AdobeUM

2010-05-21 17:12 . 2006-04-17 00:23 -------- d-----w- c:\program files\hp

2010-05-20 15:40 . 2010-04-01 16:00 81920 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connecthook.dll

2010-05-20 15:40 . 2010-04-01 16:00 158720 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectsprd.dll

2010-05-18 20:49 . 2009-06-07 00:30 -------- d-----w- c:\program files\iTunes

2010-05-18 20:48 . 2008-08-22 17:59 -------- d-----w- c:\program files\Common Files\Apple

2010-05-18 20:37 . 2008-07-07 17:25 -------- d-----w- c:\program files\Bonjour

2010-05-16 00:55 . 2009-09-04 03:28 483936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-05-15 16:00 . 2009-11-13 17:28 -------- d-----w- c:\program files\Microsoft adCenter

2010-05-14 13:46 . 2008-01-16 01:40 82528 ---ha-w- c:\windows\system32\mlfcache.dat

2010-05-12 21:18 . 2009-12-15 22:43 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\vlc

2010-05-12 17:55 . 2006-04-17 02:44 98424 ----a-w- c:\documents and settings\sangredecomputador\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-12 13:12 . 2007-07-22 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-11 15:54 . 2009-03-30 21:31 -------- d-----w- c:\program files\CCleaner

2010-05-11 15:32 . 2006-07-07 18:36 -------- d-----w- c:\program files\Paint.NET

2010-05-10 15:08 . 2009-11-02 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-08 19:15 . 2008-04-28 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\QIntegrator

2010-04-29 19:39 . 2009-11-02 22:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-11-02 22:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 20:53 . 2010-04-25 20:53 323624 ----a-w- c:\windows\system32\wiaaut.dll

2010-04-22 12:29 . 2006-04-12 20:18 -------- d-----w- c:\program files\Java

2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\plugins\npgoogletalk.dll

2010-04-15 14:38 . 2006-04-26 14:28 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Apple Computer

2010-04-13 21:37 . 2010-04-18 14:28 89088 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll

2010-04-13 21:37 . 2010-04-18 14:28 89600 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll

2010-04-13 21:37 . 2010-04-18 14:28 89088 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll

2010-04-12 21:29 . 2010-04-22 12:30 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-07 14:38 . 2010-04-07 14:38 -------- d-----w- c:\program files\Common Files\Java

2010-04-07 14:33 . 2010-04-07 14:33 79488 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll

2010-04-07 14:33 . 2010-04-07 14:33 152576 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\jre1.6.0_19\lzma.dll

2010-04-07 13:56 . 2010-04-07 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-07 13:51 . 2006-04-19 22:47 -------- d-----w- c:\program files\QuickTime

2010-04-07 13:49 . 2010-04-07 13:49 -------- d-----w- c:\program files\Apple Software Update

2010-04-01 16:00 . 2010-04-01 16:00 3553680 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe

2010-03-27 01:19 . 2010-03-27 01:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2010-03-26 14:33 . 2010-04-15 12:27 1496064 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-03-26 14:33 . 2010-04-15 12:27 43008 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-03-26 14:33 . 2010-04-15 12:27 339456 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-03-26 14:32 . 2010-04-15 12:27 346112 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-03-10 06:15 . 2004-08-11 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-05 01:15 . 2009-04-23 14:45 38784 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 08:00 . 2010-03-04 08:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-02-25 06:24 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{0E653882-06F5-48CA-9726-BFABE5E50CE0}"

[HKEY_CLASSES_ROOT\CLSID\{0E653882-06F5-48CA-9726-BFABE5E50CE0}]

2010-02-05 17:38 137272 ----a-w- c:\windows\system32\VSMntNtf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]

"LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2009-12-16 647168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]

"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]

"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-04-30 1291600]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 151552]

"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2010-05-21 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

Jungle Disk Desktop.lnk - c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [2010-3-19 6858496]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Sunbelt Software\CounterSpy\Definitions

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk

backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sangredecomputador^Start Menu^Programs^Startup^Trillian.lnk]

path=c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\Trillian.lnk

backup=c:\windows\pss\Trillian.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sangredecomputador^Start Menu^Programs^Startup^Yammer.lnk]

path=c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\Yammer.lnk

backup=c:\windows\pss\Yammer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2007-07-02 10:27 219520 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Democracy Player]

2007-02-21 18:31 217088 ----a-w- c:\program files\Participatory Culture Foundation\Democracy Player\Democracy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]

2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]

2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

2006-03-23 04:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]

2009-11-11 02:21 5079040 ----a-w- c:\program files\Gizmo5\Gizmo5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 20:24 54840 ----a-w- c:\program files\hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2010-05-21 17:15 98304 ----a-w- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

2006-08-30 16:46 183367 ----a-w- c:\program files\Plaxo\2.9.0.38\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-03-09 14:02 26103592 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]

2005-04-08 16:18 151552 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2009-06-15 00:12 1217784 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]

2004-05-20 16:37 188416 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]

2009-10-23 01:18 1171784 ----a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=

"c:\\Program Files\\Steam\\steamapps\\arsblog\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Gizmo5\\Gizmo5.exe"=

"c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Livescribe\\Livescribe Desktop\\LDTray.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Last.fm\\LastFM.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\MySQL\\MySQL Server 5.1\\bin\\mysqld.exe"=

"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9544:TCP"= 9544:TCP:BitComet 9544 TCP

"9544:UDP"= 9544:UDP:BitComet 9544 UDP

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/3/2009 8:49 AM 28552]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [3/25/2010 1:35 PM 145504]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/12/2010 1:54 PM 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [5/12/2010 1:52 PM 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [5/12/2010 1:52 PM 204632]

R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronService.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?]

R2 JungleDiskService;JungleDiskService;c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [3/19/2010 6:21 PM 6858496]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [3/30/2009 4:25 AM 43010392]

R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [12/16/2009 2:08 PM 265728]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/12/2010 1:56 PM 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [4/30/2010 12:30 PM 181584]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/7/2010 5:52 PM 67800]

S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2008 11:00 AM 133104]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [4/30/2010 12:31 PM 2730120]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]

S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [12/23/2009 5:03 PM 20096]

S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [5/12/2010 1:52 PM 86232]

S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys --> c:\windows\system32\DRIVERS\SmartpenBus.sys [?]

S3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys --> c:\windows\system32\DRIVERS\SmartpenCom.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3/31/2009 4:44 AM 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]

S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]

.

Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 22:05]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 22:05]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511926676-3137840940-3359351920-1006Core.job

- c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:05]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511926676-3137840940-3359351920-1006UA.job

- c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:05]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{97A9E062-DECA-45F3-B981-4A2E9736C081}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &D&ownload &with BitComet

IE: &D&ownload all video with BitComet

IE: &D&ownload all with BitComet

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll

FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll

FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\sangredecomputador\Application Data\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\sangredecomputador\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPxDDUpldCS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPxUpld.dll

FF - plugin: c:\program files\Opera\program\plugins\npjpi160_15.dll

FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{78061A12-1E91-4446-8B65-8ED2FF328D4A} - (no file)

ShellIconOverlayIdentifiers-{700AD13D-E86F-41C9-9A8F-39B4C438806F} - (no file)

ShellIconOverlayIdentifiers-{48C7A606-0F84-4DC8-8AFD-A157BDF18A08} - (no file)

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-AudioCommander - c:\program files\Andrea Electronics\Andrea VoiceCenter\AudioCommander.exe

MSConfigStartUp-CPMe36fca9b - c:\windows\system32\jabokuda.dll

MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

MSConfigStartUp-FolderShare - c:\program files\FolderShare\FolderShare.exe

MSConfigStartUp-Gizmo Project - c:\program files\Gizmo Project\Gizmo.exe

MSConfigStartUp-HotRecorder - c:\program files\HotRecorder\HotRecorder.exe

MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe

MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe

MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe

MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe

MSConfigStartUp-Pando - c:\program files\Pando Networks\Pando\Pando.exe

MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe

MSConfigStartUp-VoiceCenter - c:\program files\Andrea Electronics\Andrea VoiceCenter\VoiceCenter.exe

MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

AddRemove-HP Document Viewer - c:\program files\hp\Digital Imaging\DocumentViewer\hpzscr01.exe

AddRemove-HP Imaging Device Functions - c:\program files\hp\Digital Imaging\DeviceManagement\hpzscr01.exe

AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\hp\Digital Imaging\eSupport\hpzscr01.exe

AddRemove-HPOCR - c:\program files\hp\Digital Imaging\OCR\hpzscr01.exe

AddRemove-{F64D55C1-734C-4249-886E-4C41A9889A36} - c:\program files\hp\Digital Imaging\{F64D55C1-734C-4249-886E-4C41A9889A36}\setup\hpzscr01.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-25 18:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

LDTray = c:\program files\Livescribe\Livescribe Desktop\LDTray.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

c:\docume~1\sangredecomputador~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" MySQL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)

c:\windows\system32\GTGina.dll

.

Completion time: 2010-05-25 18:22:58

ComboFix-quarantined-files.txt 2010-05-25 22:22

Pre-Run: 98,104,586,240 bytes free

Post-Run: 98,340,204,544 bytes free

- - End Of File - - A6336901D8A9E9BD3B8CD9F97C31B2F1

DDS (Ver_10-03-17.01) - NTFSx86

Run by sangredecomputador at 19:55:37.56 on Tue 05/25/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1433 [GMT -4:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Perl\bin\perl.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

C:\WINDOWS\system32\hpzipm12.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\sangredecomputador\Desktop\dds .scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll

BHO: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

uRun: [Google Update] "c:\documents and settings\sangredecomputador\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe

mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [statusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\sangredecomputador~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &D&ownload &with BitComet

IE: &D&ownload all video with BitComet

IE: &D&ownload all with BitComet

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {3253344D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab

DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c7/v15.585/qboax9.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v18.166/qboax10.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/c1/v14.222/qboax8.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll

STS: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sangredecomputador~1\applic~1\mozilla\firefox\profiles\14kf7vs5.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.5.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.6.dll

FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-3 28552]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-25 145504]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-12 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-12 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-12 204632]

R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronservice.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?]

R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-3-19 6858496]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\sqlservr.exe [2009-3-30 43010392]

R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-12-16 265728]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-12 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-4-7 67800]

S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-12-23 20096]

S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-12 86232]

S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\smartpenbus.sys --> c:\windows\system32\drivers\SmartpenBus.sys [?]

S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\smartpencom.sys --> c:\windows\system32\drivers\SmartpenCom.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-05-25 22:07:00 98816 ----a-w- c:\windows\sed.exe

2010-05-25 22:07:00 77312 ----a-w- c:\windows\MBR.exe

2010-05-25 22:07:00 256512 ----a-w- c:\windows\PEV.exe

2010-05-25 22:07:00 161792 ----a-w- c:\windows\SWREG.exe

2010-05-25 03:09:31 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1

2010-05-25 03:09:08 0 d-----w- c:\program files\ComcastAccess

2010-05-25 03:08:44 0 d-----w- c:\docume~1\alluse~1\applic~1\com.comcast.access

2010-05-25 02:56:00 3371 ----a-w- C:\acddiag.cmd

2010-05-25 00:35:07 0 d-----w- C:\HPFixScan

2010-05-21 21:01:09 0 d-----w- C:\mech-turk-tools-1.3.0

2010-05-21 17:14:58 74752 ----a-w- c:\windows\system32\jst.dll

2010-05-21 17:14:58 65536 ----a-w- c:\windows\system32\d4channel.dll

2010-05-21 17:14:58 61440 ----a-w- c:\windows\system32\PMLJNI.dll

2010-05-21 17:14:58 36864 ----a-w- c:\windows\system32\hpbmmjno.dll

2010-05-21 17:12:42 375 ----a-w- c:\windows\hpbvspst.bu1

2010-05-21 17:12:42 2321 ----a-w- c:\windows\hpbvspst.hi1

2010-05-21 17:12:20 1380 ------w- c:\windows\hpbmdl01.dat

2010-05-21 17:12:20 13451 ----a-w- c:\windows\hpbins01.dat

2010-05-21 17:12:15 3519 ----a-w- c:\windows\hpbvnstp.hi1

2010-05-21 17:12:15 1005 ----a-w- c:\windows\hpbvnstp.bu1

2010-05-21 17:10:48 0 d-----w- c:\program files\common files\SWF Studio

2010-05-21 16:57:45 8088 ----a-w- c:\windows\hplj3380.bu2

2010-05-21 16:57:45 131196 ----a-w- c:\windows\hplj3380.hi2

2010-05-21 16:50:31 8331 ----a-w- c:\windows\hplj3380.bu1

2010-05-21 16:50:31 142251 ----a-w- c:\windows\hplj3380.hi1

2010-05-18 20:48:05 0 d-----w- c:\program files\iPod

2010-05-18 18:22:21 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Search

2010-05-13 01:45:26 334 ----a-w- c:\windows\system32\CountBlockedByFirewall.XML

2010-05-12 17:56:03 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-05-12 17:54:19 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-05-12 17:52:06 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-05-12 17:52:06 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-05-12 17:52:03 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-05-12 16:13:28 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Desktop Search

2010-05-12 16:07:21 0 d-----w- c:\windows\system32\GroupPolicy

2010-05-12 16:07:21 0 d-----w- c:\program files\Windows Desktop Search

2010-05-12 16:06:12 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2010-05-12 16:06:12 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2010-05-12 16:06:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2010-04-30 16:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe

==================== Find3M ====================

2010-05-14 13:46:48 82528 ---ha-w- c:\windows\system32\mlfcache.dat

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 20:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-03-27 01:19:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2008-09-05 18:51:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 19:56:50.35 ===============


Notes from the combofix and dds runs:

During ComboFix run, received message "files trying to attach to ComboFix"

C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

Also during ComboFix, OS error:

Windows Application Error

The instruction at "0x003999fw" referenced memory at "0xffffa598". The memory could not be "read".

Click on OK to terminate the program

After ComboFix, DDS.scr would not run; when I double-clicked DDS.scr on the desktop, the MS-DOS window would flash on screen and close immediately.

Downloaded a new version as DDS.com, it also would not run.

Restarted computer.

Changed name of DDS.com to DDS.scr, double-clicked and it appeared to run without issue.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
