xp internet security


This is the attach .com file.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 2/23/2005 12:03:05 PM

System Uptime: 11/26/2010 2:28:46 AM (44 hours ago)

Motherboard: Intel Corporation | | D915GAG

Processor: Intel® Pentium® 4 CPU 2.93GHz | J2E1 | 2933/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 30.634 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 1.671 GiB free.

E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP420: 8/30/2010 3:00:19 AM - Software Distribution Service 3.0

RP421: 8/31/2010 3:00:20 AM - Software Distribution Service 3.0

RP422: 9/1/2010 3:00:20 AM - Software Distribution Service 3.0

RP423: 9/2/2010 3:00:20 AM - Software Distribution Service 3.0

RP424: 9/3/2010 3:00:19 AM - Software Distribution Service 3.0

RP425: 9/4/2010 3:00:20 AM - Software Distribution Service 3.0

RP426: 9/5/2010 3:00:21 AM - Software Distribution Service 3.0

RP427: 9/6/2010 3:00:21 AM - Software Distribution Service 3.0

RP428: 9/7/2010 3:00:21 AM - Software Distribution Service 3.0

RP429: 9/8/2010 3:00:17 AM - Software Distribution Service 3.0

RP430: 9/9/2010 3:00:20 AM - Software Distribution Service 3.0

RP431: 9/10/2010 3:00:19 AM - Software Distribution Service 3.0

RP432: 9/11/2010 3:00:19 AM - Software Distribution Service 3.0

RP433: 9/12/2010 3:00:21 AM - Software Distribution Service 3.0

RP434: 9/13/2010 3:00:23 AM - Software Distribution Service 3.0

RP435: 9/14/2010 3:00:18 AM - Software Distribution Service 3.0

RP436: 9/15/2010 11:23:06 AM - System Checkpoint

RP437: 9/16/2010 5:23:06 PM - System Checkpoint

RP438: 9/18/2010 1:15:29 AM - System Checkpoint

RP439: 9/18/2010 3:00:19 AM - Software Distribution Service 3.0

RP440: 9/19/2010 3:00:22 AM - Software Distribution Service 3.0

RP441: 9/20/2010 3:00:20 AM - Software Distribution Service 3.0

RP442: 9/21/2010 3:00:21 AM - Software Distribution Service 3.0

RP443: 9/22/2010 3:00:22 AM - Software Distribution Service 3.0

RP444: 9/23/2010 3:00:20 AM - Software Distribution Service 3.0

RP445: 9/24/2010 3:00:18 AM - Software Distribution Service 3.0

RP446: 9/25/2010 3:00:21 AM - Software Distribution Service 3.0

RP447: 9/26/2010 1:01:05 PM - System Checkpoint

RP448: 9/27/2010 5:12:28 PM - System Checkpoint

RP449: 9/28/2010 11:13:33 PM - System Checkpoint

RP450: 9/30/2010 8:12:33 AM - System Checkpoint

RP451: 10/1/2010 5:38:41 PM - System Checkpoint

RP452: 10/2/2010 11:38:40 PM - System Checkpoint

RP453: 10/4/2010 9:30:51 AM - System Checkpoint

RP454: 10/5/2010 11:38:40 AM - System Checkpoint

RP455: 10/6/2010 9:24:22 AM - Avg8 Update

RP456: 10/7/2010 9:25:40 PM - Software Distribution Service 3.0

RP457: 10/8/2010 9:07:26 PM - Software Distribution Service 3.0

RP458: 10/9/2010 3:00:23 AM - Software Distribution Service 3.0

RP459: 10/10/2010 3:00:18 AM - Software Distribution Service 3.0

RP460: 10/11/2010 3:00:20 AM - Software Distribution Service 3.0

RP461: 10/12/2010 3:00:22 AM - Software Distribution Service 3.0

RP462: 10/13/2010 9:15:57 AM - System Checkpoint

RP463: 10/14/2010 3:15:57 PM - System Checkpoint

RP464: 10/15/2010 9:15:57 PM - System Checkpoint

RP465: 10/17/2010 6:40:19 PM - System Checkpoint

RP466: 10/18/2010 3:00:21 AM - Software Distribution Service 3.0

RP467: 10/19/2010 3:00:21 AM - Software Distribution Service 3.0

RP468: 10/20/2010 8:24:26 AM - System Checkpoint

RP469: 10/21/2010 11:04:29 AM - System Checkpoint

RP470: 10/22/2010 5:04:29 PM - System Checkpoint

RP471: 10/23/2010 3:00:21 AM - Software Distribution Service 3.0

RP472: 10/24/2010 3:00:18 AM - Software Distribution Service 3.0

RP473: 10/25/2010 3:00:19 AM - Software Distribution Service 3.0

RP474: 10/26/2010 3:00:18 AM - Software Distribution Service 3.0

RP475: 10/27/2010 3:00:27 AM - Software Distribution Service 3.0

RP476: 10/28/2010 12:50:29 PM - System Checkpoint

RP477: 10/29/2010 6:40:55 PM - System Checkpoint

RP478: 10/30/2010 10:35:03 PM - System Checkpoint

RP479: 11/1/2010 8:04:53 PM - System Checkpoint

RP480: 11/3/2010 8:23:51 AM - System Checkpoint

RP481: 11/4/2010 6:22:14 PM - System Checkpoint

RP482: 11/6/2010 12:00:07 AM - System Checkpoint

RP483: 11/6/2010 11:19:36 PM - System Checkpoint

RP484: 11/9/2010 3:49:24 PM - System Checkpoint

RP485: 11/11/2010 12:59:41 PM - System Checkpoint

RP486: 11/12/2010 3:00:18 AM - Software Distribution Service 3.0

RP487: 11/13/2010 3:00:17 AM - Software Distribution Service 3.0

RP488: 11/14/2010 3:00:18 AM - Software Distribution Service 3.0

RP489: 11/15/2010 3:00:32 AM - Software Distribution Service 3.0

RP490: 11/16/2010 3:00:17 AM - Software Distribution Service 3.0

RP491: 11/17/2010 3:00:16 AM - Software Distribution Service 3.0

RP492: 11/18/2010 3:00:16 AM - Software Distribution Service 3.0

RP493: 11/19/2010 3:00:17 AM - Software Distribution Service 3.0

RP494: 11/20/2010 3:00:18 AM - Software Distribution Service 3.0

RP495: 11/21/2010 3:00:24 AM - Software Distribution Service 3.0

RP496: 11/22/2010 3:00:18 AM - Software Distribution Service 3.0

RP497: 11/23/2010 3:00:18 AM - Software Distribution Service 3.0

RP498: 11/24/2010 3:00:15 AM - Software Distribution Service 3.0

RP499: 11/25/2010 3:00:18 AM - Software Distribution Service 3.0

RP500: 11/26/2010 3:00:26 AM - Software Distribution Service 3.0

RP501: 11/27/2010 3:00:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 9.0 Sprint

Adobe Acrobat 4.0

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.5

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

ArcSoft Software Suite

AVG Free 8.5

Best Buy Digital Music Store

Big Fish Games Client

BigFix

Birth of Jesus Activity Center

BlackBerry Desktop Software 4.7

Candy Land - Dora the Explorer Edition

CardRd81

Cars - Radiator Springs Adventures

CCScore

CDDRV_Installer

CR2

David and Goliath

Diego`s Dinosaur Adventure

DIGOpt

DIGReqEx

Diner Dash 2

Document Express DjVu Plug-in

Download Accelerator Plus (DAP)

DrawPlus 3.0

Dynex mini card reader

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

EPSON NX300 Series Printer Uninstall

EPSON Printer Software

EPSON Scan

EPSON Smart Panel

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

FMR

Free Registry Defrag

Google Toolbar for Internet Explorer

HLPPDOCK

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

i2i-Systems Remote Install

InCD EasyWrite Reader

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Adapters and Drivers

Java Auto Updater

Java 6 Update 17

Jump Jump Jelly Reactor

JumpStart Parent Resource Center v1.0

KhalInstallWrapper

Kodak EasyShare software

La Casa De Dora

Learn2 Player (Uninstall Only)

Logitech Desktop Messenger

Logitech Registration

Logitech SetPoint

Malwarebytes' Anti-Malware

MathPlayer

McAfee Security Scan Plus

McDonald's CBT Training

Microsoft .NET Framework 2.0

Microsoft Digital Image Library 9 - Blocker

Microsoft Encarta Encyclopedia Standard 2005

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Money 2005

Microsoft National Language Support Downlevel APIs

Microsoft Picture It! Library 10

Microsoft Picture It! Premium 10

Microsoft Silverlight

Microsoft Streets and Trips 2005

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Web Publishing Wizard 1.52

Microsoft Word 2002

Microsoft Works

Microsoft Works 2005 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Moses in Egypt

Motorola Driver Installation

Motorola USB Drivers

Mozilla Firefox (3.5.3)

MSN

MSN Encarta Plus Support Files

MSN Messenger 6.1

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTP Porting Kit

Nero BurnRights

Nero OEM

netbrdg

Noah's Ark Activity Center

OfotoXMI

Photo Organizer

PowerDVD

PrintMaster

Purrfect Pet Shop

Quicken 2006

QuickLink Mobile

RealPlayer Basic

Realtek High Definition Audio Driver

Rhapsody Player Engine

Sansa Updater

ScanToWeb

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

SFR

SFR2

SHASTA

Shockwave

skin0001

SKINXSDK

SoftV92 Data Fax Modem with SmartCP

Spellagories

SpongeBob SquarePants Diner Dash 2

staticcr

Unity Web Player

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

V CAST Music with Rhapsody

VC 9.0 Runtime

Viewpoint Media Player

VPRINTOL

VZAccess Manager for RIM

WebFldrs XP

Windows Backup Utility

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 9 Series Power Toy - Ratings Migration

Windows Media Player 9 Series TweakMP PowerToy

Windows XP Service Pack 3

WIRELESS

Wonder Pets Save the Puppy

Works Upgrade

Yahoo! Messenger

Yahoo! Software Update

ZoneAlarm

==== Event Viewer Messages From Past Week ========

11/26/2010 2:32:09 AM, error: Service Control Manager [7034] - The EPSON V3 Service2(03) service terminated unexpectedly. It has done this 1 time(s).

11/24/2010 5:57:48 PM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 001111CE727C has been denied by the DHCP server 68.114.38.200 (The DHCP Server sent a DHCPNACK message).

11/20/2010 9:29:26 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

11/20/2010 7:29:46 PM, error: Dhcp [1002] - The IP address lease 97.89.79.173 for the Network Card with network address 001111CE727C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/20/2010 7:01:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

==== End Of File ===========================

This is the DDS file.

DDS (Ver_10-11-27.01) - NTFSx86

Run by Owner at 22:07:06.82 on Sat 11/27/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.372 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\SAgent4.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\vz.exe

C:\WINDOWS\System32\mshta.exe

c:\75d1b40c22b13c16bad209beccbe\dotnetfx35setup.exe

c:\8f85bacb13d746d05c8c0b266199e1c4\setup.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

c:\c930d10db04b2c2fff65\dotnetfx35setup.exe

c:\be59eab6ddf50f1ccaaf2cdd788372\setup.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =

uStart Page = hxxp://www.google.com/

uSearch Page =

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRunOnce: [OOBEDDDemise] cmd /x /c erase c:\windows\system32\oobe\msoobe.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_S3B8.tmp" /EF "HKCU"

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/shared/COMCTL32/6,0,80,22/ComCtl32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab

DPF: {845C260B-A44B-49A3-86A6-71430B3000A0} - hxxps://www.mytelevox.com/mytestresults/cabs/TeleVoxAudioPlayer.CAB

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab

DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v46/luxor/luxor.cab

DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v64/swapit/swapit.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2388128&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2388128&q=

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}\components\RadioWMPCore.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Extension: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox

FF - Extension: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}

FF - Extension: Free Game Bar Toolbar: {6f094b04-2c69-4ff3-ac74-d9716e97e296} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bagrfogj.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Extension: AVG Security Toolbar em:version=3.011.025.005 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-11 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-11 297752]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-3-12 17920]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-3-12 7680]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-3-12 22528]

=============== File Associations ===============

.exe=sezfile

=============== Created Last 30 ================

2010-11-27 08:00:37 -------- d-----w- C:\be59eab6ddf50f1ccaaf2cdd788372

2010-11-27 08:00:29 -------- d-----w- C:\c930d10db04b2c2fff65

2010-11-26 08:00:47 -------- d-----w- C:\8f85bacb13d746d05c8c0b266199e1c4

2010-11-26 08:00:41 -------- d-----w- C:\75d1b40c22b13c16bad209beccbe

2010-11-26 07:26:33 315904 --sha-w- c:\docume~1\owner\locals~1\applic~1\vz.exe

2010-11-25 08:00:43 -------- d-----w- C:\9d5125660aec31cafa39e8278c81

2010-11-25 08:00:36 -------- d-----w- C:\5ca2518aee380fb630a8a45e72

2010-11-25 00:05:01 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2010-11-25 00:05:00 -------- d-----w- c:\program files\common files\ABBYY

2010-11-25 00:05:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\ABBYY

2010-11-25 00:02:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\UDL

2010-11-25 00:01:50 -------- d-----w- c:\program files\Epson Software

2010-11-24 23:11:13 501912 ----a-w- c:\windows\system32\PICSDK2.dll

2010-11-24 23:11:13 108704 ----a-w- c:\windows\system32\PICEntry.dll

2010-11-24 23:10:45 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL

2010-11-24 23:10:45 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL

2010-11-24 23:10:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\EPSON

2010-11-24 23:10:12 71680 ----a-w- c:\windows\system32\escwiad.dll

2010-11-24 08:00:41 -------- d-----w- C:\4f28a7ce4c85619457945998c95a4aa5

2010-11-24 08:00:33 -------- d-----w- C:\a266a15441344b8823017c

2010-11-23 08:00:44 -------- d-----w- C:\effa9a398b3b79fe52d7c71a22fe4640

2010-11-23 08:00:36 -------- d-----w- C:\e896e140a01c6276c3

2010-11-22 08:00:42 -------- d-----w- C:\5e60e4d9eadb8b9e91a3f8ae3621cc

2010-11-22 08:00:33 -------- d-----w- C:\e75a7ca70b89985feec7e3c49d4b5722

2010-11-21 08:00:47 -------- d-----w- C:\caf870a7a64642fcc78400

2010-11-21 08:00:41 -------- d-----w- C:\e706f9502496e951443e779da127c7f4

2010-11-20 08:00:44 -------- d-----w- C:\42eab3be3dd62b9baedbeb

2010-11-20 08:00:35 -------- d-----w- C:\0f9bd1f79a7422e1ed92fb7245a38859

2010-11-19 08:00:46 -------- d-----w- C:\38090dd04a85f89818

2010-11-19 08:00:38 -------- d-----w- C:\5afa556a7ca24f9d24a624

2010-11-18 15:24:58 252256 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{824bdb0b-1d3f-43d7-bf20-4fc726e0d112}\Icon_DjVuViewer.exe

2010-11-18 15:24:57 1680272 ----a-w- c:\program files\mozilla firefox\plugins\npdjvu.dll

2010-11-18 15:24:55 -------- d-----w- c:\program files\Caminova

2010-11-18 08:00:45 -------- d-----w- C:\5813bd383b53a9ee96

2010-11-18 08:00:38 -------- d-----w- C:\c9f1d6a25fa76fcf8454

2010-11-17 08:00:38 -------- d-----w- C:\22953a44a14017ec64c54f

2010-11-17 08:00:31 -------- d-----w- C:\b5035130cbf343710aa9d5b122e1

2010-11-16 08:00:40 -------- d-----w- C:\a433b98b53cf156aa4fd867c78

2010-11-16 08:00:32 -------- d-----w- C:\b0995b94f7360c8315

2010-11-15 08:00:49 -------- d-----w- C:\35cd89434fdecd18c9ec70006471

2010-11-15 08:00:41 -------- d-----w- C:\db4bf181cde4a54492c35930

2010-11-14 08:00:43 -------- d-----w- C:\b7c7ddd57beb7314ddd6f0c72d5bc539

2010-11-14 08:00:35 -------- d-----w- C:\a61f585be6f2d558959eba3b836c3b

2010-11-13 08:00:44 -------- d-----w- C:\7072a2f8dfd2753237

2010-11-13 08:00:37 -------- d-----w- C:\8f760064c77831825a4b0a2b67af7a36

2010-11-12 08:00:44 -------- d-----w- C:\ca9cd79162083e338bed8c

2010-11-12 08:00:37 -------- d-----w- C:\fdda769229efb9d6d39c8e081f68

==================== Find3M ====================

2010-10-07 01:42:00 2256 ----a-w- c:\docume~1\owner\applic~1\444.bat

2010-10-07 01:42:00 157 ----a-w- c:\docume~1\owner\applic~1\asdsada.bat

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: HDS722580VLSA80 rev.V32OA6MA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A096D01]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x894f685b; SUB DWORD [EBP-0x4], 0x894f612e; PUSH EDI; CALL 0xffffffffffffe0f7; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A08E030]

3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008a[0x8A0909E8]

5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A150D98]

[0x8A03A5E8] -> IRP_MJ_CREATE -> 0x8A096D01

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskHDS722580VLSA80_________________________V32OA6MA#5&21f8ef21&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A096AEA

user & kernel MBR OK

sectors 160836478 (+195): user != kernel

Warning: possible TDL3 rootkit infection !

============= FINISH: 22:08:36.42 ===============


Hi,

Please ignore Comprev's posts. He is unauthorized to post here.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
