Can't get rid of malware


Been trying to get my PC free of malware over the last few days and failing.

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

8/2/2010 7:44:27 PM

mbam-log-2010-08-02 (19-44-27).txt

Scan type: Quick scan

Objects scanned: 126119

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ernel32.dll (Trojan.Agent) -> Delete on reboot.

DDS LOG

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dave Bana at 19:17:03.89 on Mon 08/02/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.222 [GMT 10:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\Cyberlink\Shared files\brs.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Dave Bana\Desktop\Defogger.exe

C:\Documents and Settings\Dave Bana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Desktop Service Centre] c:\program files\optusnet dsl internet\DSC.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

mPolicies-system: EnableLUA = 0 (0x0)

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daveba~1\applic~1\mozilla\firefox\profiles\ut6sney0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\dave bana\application data\mozilla\firefox\profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dave bana\application data\mozilla\firefox\profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\RadioWMPCore.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/02 00:21:45];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

S3 DWKDUXBXJ;DWKDUXBXJ;c:\docume~1\daveba~1\locals~1\temp\dwkduxbxj.exe --> c:\docume~1\daveba~1\locals~1\temp\DWKDUXBXJ.exe [?]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 FPBIDPMR;FPBIDPMR;c:\docume~1\daveba~1\locals~1\temp\fpbidpmr.exe --> c:\docume~1\daveba~1\locals~1\temp\FPBIDPMR.exe [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GGCU;GGCU;c:\docume~1\daveba~1\locals~1\temp\ggcu.exe --> c:\docume~1\daveba~1\locals~1\temp\GGCU.exe [?]

S3 HP;HP;c:\docume~1\daveba~1\locals~1\temp\hp.exe --> c:\docume~1\daveba~1\locals~1\temp\HP.exe [?]

S3 NYDNYF;NYDNYF;c:\docume~1\daveba~1\locals~1\temp\nydnyf.exe --> c:\docume~1\daveba~1\locals~1\temp\NYDNYF.exe [?]

=============== Created Last 30 ================

2010-08-02 09:16:40 0 ----a-w- c:\documents and settings\dave bana\defogger_reenable

2010-08-01 14:22:12 0 d-----w- c:\program files\GNU

2010-08-01 14:21:28 0 d-----w- c:\program files\common files\CyberLink

2010-08-01 14:17:58 29480 ----a-w- c:\windows\system32\msxml3a.dll

2010-08-01 13:48:11 0 d-----w- c:\program files\Trend Micro

2010-08-01 05:38:54 0 d-sha-r- C:\cmdcons

2010-08-01 02:42:22 0 d-----w- c:\windows\ERUNT

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zsO.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zrO.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zPm.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zFo.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zdH.lnk

2010-07-29 14:46:33 161 ----a-w- c:\documents and settings\dave bana\zwy.lnk

2010-07-29 14:46:33 161 ----a-w- c:\documents and settings\dave bana\znV.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zzB.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zyS.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zwv.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zUc.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zPV.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zPc.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zkn.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\ziY.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zDD.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zXQ.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zqH.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zOm.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zOK.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zMo.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\ziM.lnk

2010-07-29 13:59:16 91 ----a-w- c:\windows\wininit.ini

2010-07-29 13:03:33 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-29 13:03:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-07-29 11:15:49 0 d-----w- c:\program files\Enigma Software Group

2010-07-29 11:14:00 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-07-29 11:13:51 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zyc.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zXE.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zvc.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zpP.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zLo.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zlb.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zfW.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zeL.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zCp.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zZS.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zXP.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zJv.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\ziD.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zhk.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zGE.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zfh.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zdX.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zop.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zmF.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zjW.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zIk.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zFN.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zEq.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zBC.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zam.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zvw.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zsY.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zmU.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zlu.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zjy.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zhY.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zGg.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zdk.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zbs.lnk

2010-07-27 13:48:26 161 ----a-w- c:\documents and settings\dave bana\zgF.lnk

2010-07-27 13:48:26 161 ----a-w- c:\documents and settings\dave bana\zDS.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zZu.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zZP.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zwR.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zLx.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zkm.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zio.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zfF.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zSI.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zrK.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zpz.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zjQ.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zIS.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zhj.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zgB.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zgA.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zBk.lnk

2010-07-25 13:41:08 120 ----a-w- c:\windows\Ovadohugewuxiqen.dat

2010-07-25 13:41:08 0 ----a-w- c:\windows\Xmifogumamum.bin

2010-07-25 10:13:05 75776 --sha-r- c:\windows\system32\SSTraRUW.dll

2010-07-17 01:36:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-10 14:12:00 0 d-----w- C:\spoolerlogs

2010-07-06 11:29:47 0 d-----w- c:\program files\Guitar Scales Method

==================== Find3M ====================

2010-08-01 14:17:34 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-01 14:17:33 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-04 17:20:03 841216 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:19:59 17408 ----a-w- c:\windows\system32\corpol.dll

2010-01-06 12:35:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

2008-03-08 09:39:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008030820080309\index.dat

2010-01-06 12:35:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 19:20:21.98 ===============

Thanks in advance

Attach.rar

Ark.txt.rar

  • Staff

Hello and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Combofix log

ComboFix 10-08-02.01 - Dave Bana 08/03/2010 12:56:19.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.162 [GMT 10:00]

Running from: c:\documents and settings\Dave Bana\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\DAVEBA~1\LOCALS~1\Temp\{2AE47D3D-B2E4-46B4-935F-37CE9D5934A6}\_extra\objects\cmdline.dll

c:\documents and settings\Dave Bana\Local Settings\temp\{2AE47D3D-B2E4-46B4-935F-37CE9D5934A6}\_extra\objects\cmdline.dll

c:\windows\system32\drivers\fwcf.sys

c:\windows\system32\ernel32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npaq

((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))

.

2010-08-01 14:25 . 2010-08-01 14:27 -------- d-----w- c:\documents and settings\Dave Bana\Local Settings\Application Data\Cyberlink

2010-08-01 14:23 . 2010-08-01 14:25 -------- d-----w- c:\documents and settings\Dave Bana\Application Data\CyberLink

2010-08-01 14:22 . 2010-08-01 14:22 -------- d-----w- c:\program files\GNU

2010-08-01 14:21 . 2010-08-01 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2010-08-01 14:21 . 2010-08-01 14:21 -------- d-----w- c:\program files\Common Files\CyberLink

2010-08-01 14:17 . 2010-08-01 14:21 -------- d-----w- c:\program files\CyberLink

2010-08-01 14:17 . 2010-08-01 14:17 29480 ----a-w- c:\windows\system32\msxml3a.dll

2010-08-01 14:17 . 2010-08-01 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

2010-08-01 14:17 . 2010-08-01 14:17 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe

2010-08-01 13:48 . 2010-08-01 13:48 -------- d-----w- c:\program files\Trend Micro

2010-08-01 02:42 . 2010-08-01 02:42 -------- d-----w- c:\windows\ERUNT

2010-07-29 13:03 . 2010-08-01 04:12 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-29 13:03 . 2010-08-01 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-29 11:15 . 2010-07-29 11:15 -------- d-----w- c:\program files\Enigma Software Group

2010-07-29 11:14 . 2010-07-29 12:42 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-07-29 11:13 . 2010-07-29 11:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-25 13:41 . 2010-08-01 01:46 0 ----a-w- c:\windows\Xmifogumamum.bin

2010-07-25 13:41 . 2010-07-28 03:07 120 ----a-w- c:\windows\Ovadohugewuxiqen.dat

2010-07-25 10:13 . 2010-07-25 10:13 75776 --sha-r- c:\windows\system32\SSTraRUW.dll

2010-07-17 01:36 . 2010-07-17 01:36 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-10 14:12 . 2010-07-10 14:12 -------- d-----w- C:\spoolerlogs

2010-07-06 11:29 . 2010-07-22 16:08 -------- d-----w- c:\program files\Guitar Scales Method

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-02 10:27 . 2010-06-13 10:26 -------- d-----w- c:\program files\PokerStars

2010-08-01 14:21 . 2009-04-09 04:27 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-01 14:17 . 2003-02-21 03:42 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-01 14:17 . 2008-03-11 04:58 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-08-01 06:08 . 2009-09-28 03:53 -------- d-----w- c:\documents and settings\Dave Bana\Application Data\uTorrent

2010-07-29 11:17 . 2008-03-08 11:13 16168 -c--a-w- c:\documents and settings\Dave Bana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-27 07:56 . 2010-06-14 05:54 -------- d-----w- c:\program files\Full Tilt Poker

2010-07-19 15:12 . 2009-08-27 07:47 -------- d-----w- c:\program files\ZillaTube

2010-07-11 03:52 . 2009-12-30 02:58 -------- d-----w- c:\documents and settings\Dave Bana\Application Data\QuickScan

2010-07-02 02:11 . 2008-05-27 13:59 -------- d-----w- c:\program files\Apple Software Update

2010-06-14 14:30 . 2008-03-08 09:28 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-13 10:12 . 2009-07-22 11:38 -------- d-----w- c:\program files\PokerStars.NET

2010-06-04 23:59 . 2009-03-21 11:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-23 18:41 . 2010-05-23 18:41 503808 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74b1ab80-n\msvcp71.dll

2010-05-23 18:41 . 2010-05-23 18:41 499712 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74b1ab80-n\jmc.dll

2010-05-23 18:41 . 2010-05-23 18:41 348160 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74b1ab80-n\msvcr71.dll

2010-05-23 18:40 . 2010-05-23 18:40 61440 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ec90066-n\decora-sse.dll

2010-05-23 18:40 . 2010-05-23 18:40 12800 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ec90066-n\decora-d3d.dll

2010-05-23 18:40 . 2010-05-23 18:40 503808 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-469c71fc-n\msvcp71.dll

2010-05-23 18:40 . 2010-05-23 18:40 499712 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-469c71fc-n\jmc.dll

2010-05-23 18:40 . 2010-05-23 18:40 348160 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-469c71fc-n\msvcr71.dll

2010-05-23 18:33 . 2010-05-23 18:33 61440 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-454531b0-n\decora-sse.dll

2010-05-23 18:33 . 2010-05-23 18:33 12800 -c--a-w- c:\documents and settings\Dave Bana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-454531b0-n\decora-d3d.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]

"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]

"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/02 00:21];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 PM 87536]

S3 DWKDUXBXJ;DWKDUXBXJ;c:\docume~1\DAVEBA~1\LOCALS~1\Temp\DWKDUXBXJ.exe --> c:\docume~1\DAVEBA~1\LOCALS~1\Temp\DWKDUXBXJ.exe [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 FPBIDPMR;FPBIDPMR;c:\docume~1\DAVEBA~1\LOCALS~1\Temp\FPBIDPMR.exe --> c:\docume~1\DAVEBA~1\LOCALS~1\Temp\FPBIDPMR.exe [?]

S3 GGCU;GGCU;c:\docume~1\DAVEBA~1\LOCALS~1\Temp\GGCU.exe --> c:\docume~1\DAVEBA~1\LOCALS~1\Temp\GGCU.exe [?]

S3 HP;HP;c:\docume~1\DAVEBA~1\LOCALS~1\Temp\HP.exe --> c:\docume~1\DAVEBA~1\LOCALS~1\Temp\HP.exe [?]

S3 NYDNYF;NYDNYF;c:\docume~1\DAVEBA~1\LOCALS~1\Temp\NYDNYF.exe --> c:\docume~1\DAVEBA~1\LOCALS~1\Temp\NYDNYF.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2010-08-03 c:\windows\Tasks\b99a1abd.job

- c:\documents and settings\Dave Bana\Application Data\b99a1abd.exe [2006-04-08 00:00]

2010-08-03 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 11:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Dave Bana\Application Data\Mozilla\Firefox\Profiles\ut6sney0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\Dave Bana\Application Data\Mozilla\Firefox\Profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Dave Bana\Application Data\Mozilla\Firefox\Profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-03 13:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2764)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-08-03 13:23:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-03 03:23

ComboFix2.txt 2010-08-01 12:08

Pre-Run: 7,943,651,328 bytes free

Post-Run: 7,853,436,928 bytes free

- - End Of File - - 34010A9399C0A1E084EE48EC6F7CDE22

New DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dave Bana at 13:25:06.60 on Tue 08/03/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.242 [GMT 10:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\Cyberlink\Shared files\brs.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dave Bana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Desktop Service Centre] c:\program files\optusnet dsl internet\DSC.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daveba~1\applic~1\mozilla\firefox\profiles\ut6sney0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\dave bana\application data\mozilla\firefox\profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dave bana\application data\mozilla\firefox\profiles\ut6sney0.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\RadioWMPCore.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/02 00:21:45];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

S3 DWKDUXBXJ;DWKDUXBXJ;c:\docume~1\daveba~1\locals~1\temp\dwkduxbxj.exe --> c:\docume~1\daveba~1\locals~1\temp\DWKDUXBXJ.exe [?]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 FPBIDPMR;FPBIDPMR;c:\docume~1\daveba~1\locals~1\temp\fpbidpmr.exe --> c:\docume~1\daveba~1\locals~1\temp\FPBIDPMR.exe [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GGCU;GGCU;c:\docume~1\daveba~1\locals~1\temp\ggcu.exe --> c:\docume~1\daveba~1\locals~1\temp\GGCU.exe [?]

S3 HP;HP;c:\docume~1\daveba~1\locals~1\temp\hp.exe --> c:\docume~1\daveba~1\locals~1\temp\HP.exe [?]

S3 NYDNYF;NYDNYF;c:\docume~1\daveba~1\locals~1\temp\nydnyf.exe --> c:\docume~1\daveba~1\locals~1\temp\NYDNYF.exe [?]

=============== Created Last 30 ================

2010-08-03 02:50:34 98816 ----a-w- c:\windows\sed.exe

2010-08-03 02:50:34 77312 ----a-w- c:\windows\MBR.exe

2010-08-03 02:50:34 256512 ----a-w- c:\windows\PEV.exe

2010-08-03 02:50:34 161792 ----a-w- c:\windows\SWREG.exe

2010-08-02 09:16:40 0 ----a-w- c:\documents and settings\dave bana\defogger_reenable

2010-08-01 14:22:12 0 d-----w- c:\program files\GNU

2010-08-01 14:21:28 0 d-----w- c:\program files\common files\CyberLink

2010-08-01 14:17:58 29480 ----a-w- c:\windows\system32\msxml3a.dll

2010-08-01 13:48:11 0 d-----w- c:\program files\Trend Micro

2010-08-01 05:38:54 0 d-sha-r- C:\cmdcons

2010-08-01 02:42:22 0 d-----w- c:\windows\ERUNT

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zsO.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zrO.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zPm.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zFo.lnk

2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zdH.lnk

2010-07-29 14:46:33 161 ----a-w- c:\documents and settings\dave bana\zwy.lnk

2010-07-29 14:46:33 161 ----a-w- c:\documents and settings\dave bana\znV.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zzB.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zyS.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zwv.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zUc.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zPV.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zPc.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zkn.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\ziY.lnk

2010-07-29 14:43:42 161 ----a-w- c:\documents and settings\dave bana\zDD.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zXQ.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zqH.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zOm.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zOK.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\zMo.lnk

2010-07-29 14:41:34 161 ----a-w- c:\documents and settings\dave bana\ziM.lnk

2010-07-29 13:59:16 91 ----a-w- c:\windows\wininit.ini

2010-07-29 13:03:33 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-29 13:03:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-07-29 11:15:49 0 d-----w- c:\program files\Enigma Software Group

2010-07-29 11:14:00 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-07-29 11:13:51 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zyc.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zXE.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zvc.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zpP.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zLo.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zlb.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zfW.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zeL.lnk

2010-07-27 13:55:34 161 ----a-w- c:\documents and settings\dave bana\zCp.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zZS.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zXP.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zJv.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\ziD.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zhk.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zGE.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zfh.lnk

2010-07-27 13:53:50 161 ----a-w- c:\documents and settings\dave bana\zdX.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zop.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zmF.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zjW.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zIk.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zFN.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zEq.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zBC.lnk

2010-07-27 13:52:20 161 ----a-w- c:\documents and settings\dave bana\zam.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zvw.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zsY.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zmU.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zlu.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zjy.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zhY.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zGg.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zdk.lnk

2010-07-27 13:50:34 161 ----a-w- c:\documents and settings\dave bana\zbs.lnk

2010-07-27 13:48:26 161 ----a-w- c:\documents and settings\dave bana\zgF.lnk

2010-07-27 13:48:26 161 ----a-w- c:\documents and settings\dave bana\zDS.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zZu.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zZP.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zwR.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zLx.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zkm.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zio.lnk

2010-07-27 13:48:25 161 ----a-w- c:\documents and settings\dave bana\zfF.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zSI.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zrK.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zpz.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zjQ.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zIS.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zhj.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zgB.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zgA.lnk

2010-07-27 13:47:27 161 ----a-w- c:\documents and settings\dave bana\zBk.lnk

2010-07-25 13:41:08 120 ----a-w- c:\windows\Ovadohugewuxiqen.dat

2010-07-25 13:41:08 0 ----a-w- c:\windows\Xmifogumamum.bin

2010-07-25 10:13:05 75776 --sha-r- c:\windows\system32\SSTraRUW.dll

2010-07-17 01:36:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-10 14:12:00 0 d-----w- C:\spoolerlogs

2010-07-06 11:29:47 0 d-----w- c:\program files\Guitar Scales Method

==================== Find3M ====================

2010-08-01 14:17:34 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-01 14:17:33 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-01-06 12:35:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

2008-03-08 09:39:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008030820080309\index.dat

2010-01-06 12:35:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:25:26.68 ===============

Attach.rar
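The logs above are raw DDS and ComboFix output, and the post does not say which lines a responder would act on. The Python below is an added example (not part of the original post, and not a tool from the DDS, ComboFix or Malwarebytes authors) that runs the usual first-pass triage heuristics over lines copied from these logs: services and scheduled tasks whose image lives in a user-writable directory (Temp, Application Data), service images DDS could not find on disk (it prints `[?]` in place of date and size), hidden+system binaries dropped under c:\windows, bursts of identically sized .lnk files with short random names in one directory, and Security Center override values. The directory list, the burst threshold and the extension filter are this example's own assumptions; the sample lines are copied from the post with a few benign lines kept for contrast.

```python
"""Triage heuristics over DDS / ComboFix log lines (added example; not a tool from the post)."""
import re
from collections import defaultdict

# Directories a non-admin user can write to; legitimate services and scheduled tasks
# on XP almost never run from them. Assumed list for this example.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")

# Constructed sample input: lines copied from the logs in the post, plus a few
# benign lines kept for contrast. Not the full log.
SERVICES = r"""
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]
S3 DWKDUXBXJ;DWKDUXBXJ;c:\docume~1\daveba~1\locals~1\temp\dwkduxbxj.exe --> c:\docume~1\daveba~1\locals~1\temp\DWKDUXBXJ.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 HP;HP;c:\docume~1\daveba~1\locals~1\temp\hp.exe --> c:\docume~1\daveba~1\locals~1\temp\HP.exe [?]
""".strip().splitlines()
CREATED = r"""
2010-08-03 02:50:34 98816 ----a-w- c:\windows\sed.exe
2010-08-01 05:38:54 0 d-sha-r- C:\cmdcons
2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zsO.lnk
2010-07-29 14:46:34 161 ----a-w- c:\documents and settings\dave bana\zrO.lnk
2010-07-29 14:46:33 161 ----a-w- c:\documents and settings\dave bana\zwy.lnk
2010-07-25 10:13:05 75776 --sha-r- c:\windows\system32\SSTraRUW.dll
2010-01-06 12:35:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
""".strip().splitlines()
TASKS = r"""
2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]
2010-08-03 c:\windows\Tasks\b99a1abd.job
- c:\documents and settings\Dave Bana\Application Data\b99a1abd.exe [2006-04-08 00:00]
""".strip().splitlines()
REGISTRY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
""".strip().splitlines()

# DDS service line: 'R2 name;display;path [date size]' or '... path --> resolved [?]'
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]$")
# 'Created Last 30' / Find3M line: 'YYYY-MM-DD HH:MM:SS size attrs path'
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+)\s+(\S{8})\s+(.+)$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[[^\]]*\]$")
SC_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride|AntiVirusDisableNotify|'
                   r'FirewallDisableNotify|UpdatesDisableNotify)"=dword:([0-9a-f]{8})$', re.IGNORECASE)


def triage_services(lines):
    """Flag services whose image is in a user-writable directory or missing on disk
    (DDS prints '[?]' instead of date and size when it cannot find the file)."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, paths, meta = m.groups()
        image = paths.split(" --> ")[-1]  # DDS shows 'registered --> resolved' path
        if any(tok in image.lower() for tok in USER_WRITABLE):
            out.append(("service_in_user_dir", name, image))
        if meta == "?":
            out.append(("service_image_missing", name, image))
    return out


def triage_created(lines, burst_min=3):
    """Flag hidden+system binaries under c:\\windows, and bursts of same-sized .lnk
    files in one directory (the z??.lnk pattern in the Created Last 30 list)."""
    out, lnk_groups = [], defaultdict(list)
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        size, attrs, path = m.groups()
        low = path.lower()
        is_dir, hidden_system = attrs[0] == "d", ("h" in attrs and "s" in attrs)
        if (not is_dir and hidden_system and low.startswith("c:\\windows\\")
                and low.endswith((".dll", ".exe", ".sys"))):
            out.append(("hidden_system_binary", path, attrs))
        if low.endswith(".lnk"):
            lnk_groups[(low.rsplit("\\", 1)[0], int(size))].append(path)
    for (parent, _size), paths in lnk_groups.items():
        if len(paths) >= burst_min:
            out.append(("lnk_burst", parent, len(paths)))
    return out


def triage_tasks(lines):
    """Flag scheduled tasks whose target executable is in a user-writable directory."""
    out, job = [], None
    for line in lines:
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and job:
            target = m.group(1)
            if any(tok in target.lower() for tok in USER_WRITABLE):
                out.append(("task_in_user_dir", job, target))
            job = None
    return out


def triage_registry(lines):
    """Flag XP Security Center values that suppress AV / firewall / update warnings."""
    return [("security_center_suppressed", m.group(1), m.group(2))
            for m in map(SC_RE.match, lines) if m and int(m.group(2), 16) != 0]


def triage_all():
    return {"services": triage_services(SERVICES), "created": triage_created(CREATED),
            "tasks": triage_tasks(TASKS), "registry": triage_registry(REGISTRY)}


if __name__ == "__main__":
    for section, findings in triage_all().items():
        for kind, subject, detail in findings:
            print(f"[{section}] {kind}: {subject} ({detail})")
```

Run as-is it prints one line per finding: the Temp-resident services and every `[?]` image, the hidden+system DLL in system32, the three-file .lnk burst, the task that runs from Application Data, and the AntiVirusOverride value; fssfltr, fsssvc, cmdcons, index.dat and the Apple task stay quiet. To use it on a full log, paste each section into the matching list. These are first-pass flags for a human to confirm, not a verdict.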
