
Struggling to recover from FakeAlert-EA and Java trojan



Computer started running terribly slow, so we ran McAfee full scan, and cleaned off a couple instances of FakeAlert-EA. Also saw an instance or two of Java-related trojan. Cleaned with McAfee. Computer remained ridiculously slow: applications often take 10+ seconds to respond, or hang indefinitely. Recently ran Anti-malware. Nothing detected, except a suspected false positive. Log is below.

Could anyone help?

Thank you!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 9.0.8112.16421

7/6/2011 2:49:42 PM

mbam-log-2011-07-06 (14-49-29).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 282925

Time elapsed: 46 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\PCUSER\downloads\broken.sword.2.remastered-kaos\d3drm.dll (Malware.Packer.Gen) -> No action taken.

-------

DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by PCUSER at 16:45:22 on 2011-07-09

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.501.87 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:Tabs

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 111.68.59.70 114.108.192.30

TCP: Interfaces\{7EB02A15-56DD-435C-87B6-87575E95DC4A} : DhcpNameServer = 203.167.97.66 165.21.83.88

TCP: Interfaces\{98241ED5-6C0F-4FAF-A699-3449C3D3B9E6} : DhcpNameServer = 111.68.59.70 114.108.192.30

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\PCUSER\appdata\roaming\mozilla\firefox\profiles\dyasokj7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-29 218688]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-6 366640]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-8 104000]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2006-11-30 144960]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2006-11-30 54872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-6 22712]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-1-8 72264]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-8 168776]

S3 HYGZYORJWX;HYGZYORJWX;c:\users\PCUSER\appdata\local\temp\HYGZYORJWX.exe [2011-7-8 461696]

S3 JDKVZZLYFGPRNOD;JDKVZZLYFGPRNOD;c:\users\PCUSER\appdata\local\temp\JDKVZZLYFGPRNOD.exe [2011-7-8 502656]

S3 MVI;MVI;c:\users\PCUSER\appdata\local\temp\MVI.exe [2011-7-8 355200]

S3 QRTVGTZM;QRTVGTZM;c:\users\PCUSER\appdata\local\temp\QRTVGTZM.exe [2011-7-8 347008]

S3 QTICUKIOVE;QTICUKIOVE;c:\users\PCUSER\appdata\local\temp\QTICUKIOVE.exe [2011-7-8 539520]

.

=============== Created Last 30 ================

.

2011-07-09 05:23:40 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{497662e1-a8f4-47f2-b0ad-249269c29c11}\mpengine.dll

2011-07-08 18:11:14 -------- d-----w- c:\program files\SpeedFan

2011-07-06 16:43:16 -------- d-----w- c:\users\PCUSER\appdata\roaming\Malwarebytes

2011-07-06 16:43:04 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 16:43:03 -------- d-----w- c:\programdata\Malwarebytes

2011-07-06 16:43:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 16:43:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-04 04:10:01 -------- d-----w- c:\users\PCUSER\appdata\local\HP Guide

2011-07-04 03:59:38 -------- d-----w- c:\users\PCUSER\appdata\roaming\VSRevoGroup

2011-06-30 20:19:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-30 20:19:19 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-06-30 20:19:15 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-30 19:33:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-30 19:33:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-30 19:33:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-30 19:33:44 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-30 19:33:44 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-30 19:33:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-30 19:33:43 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-30 19:33:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-30 18:25:13 -------- d-----w- c:\users\PCUSER\appdata\local\Seven Zip

2011-06-30 10:00:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-06-29 18:01:15 -------- d-----w- c:\program files\Infogrames

2011-06-29 17:20:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\Broken Sword 2.5

2011-06-29 17:16:33 -------- d-----w- c:\program files\Broken Sword 2.5

2011-06-29 17:10:27 -------- d-----w- c:\program files\PowerISO

2011-06-29 16:33:10 90112 ----a-w- c:\windows\unvise32.exe

2011-06-29 15:44:55 -------- d-----w- c:\program files\THQ

2011-06-29 14:52:10 809496 ----a-r- c:\windows\system32\tmp842F.tmp

2011-06-29 14:52:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-29 14:52:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-29 14:52:10 -------- d-----w- c:\program files\OpenAL

2011-06-29 14:48:37 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-29 14:48:36 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-29 14:42:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-29 14:34:25 -------- d--h--w- c:\windows\msdownld.tmp

2011-06-29 14:34:17 -------- d-----w- c:\windows\system32\directx

2011-06-29 13:44:12 -------- d-----w- C:\Games

2011-06-29 12:07:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-06-29 12:06:59 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-06-29 11:10:04 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2011-06-29 11:10:04 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2011-06-29 11:10:03 515584 ----a-w- c:\program files\windows mail\wab.exe

2011-06-29 11:08:15 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-06-29 11:08:14 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-29 11:08:14 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-06-29 11:06:38 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll

2011-06-29 11:06:38 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2011-06-29 11:06:37 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll

2011-06-29 11:06:37 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2011-06-29 11:06:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2011-06-29 11:06:36 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-06-29 11:04:35 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-06-29 11:01:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-29 11:00:26 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-06-29 11:00:24 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-29 11:00:21 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-29 10:58:14 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-29 10:58:14 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-06-29 10:49:29 258048 ----a-w- c:\windows\system32\winspool.drv

2011-06-29 10:46:44 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-29 10:45:40 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-06-29 10:45:38 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-06-29 10:43:04 36864 ----a-w- c:\windows\system32\tsgqec.dll

2011-06-29 10:43:04 130560 ----a-w- c:\windows\system32\aaclient.dll

2011-06-29 10:43:03 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-06-29 10:43:02 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-06-29 10:42:28 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-06-29 10:39:25 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-29 10:35:37 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-06-29 10:34:04 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-06-29 10:29:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-29 10:29:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-29 10:28:25 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-29 10:24:41 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-29 10:24:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-06-29 10:24:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-29 10:24:34 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-06-29 10:24:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-06-29 10:24:23 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-06-29 10:24:23 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-06-29 10:24:23 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-06-29 10:24:22 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-06-29 10:24:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-06-29 10:24:22 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-06-29 10:24:21 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-06-29 10:22:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-06-29 10:22:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-06-29 10:15:55 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-06-29 10:15:54 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-06-29 10:15:54 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-06-29 10:15:53 322560 ----a-w- c:\windows\system32\sbe.dll

2011-06-29 10:11:30 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-06-29 10:11:29 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-29 10:11:29 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-06-29 10:11:28 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-06-29 10:11:27 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-06-29 10:10:38 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-29 10:10:18 81920 ----a-w- c:\windows\system32\consent.exe

2011-06-29 10:05:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-29 10:04:08 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-29 10:04:07 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-29 10:04:06 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-29 10:03:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-06-29 10:01:25 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 00:15:17 411368 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-29 00:15:17 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-06-15 08:23:56 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

==================== Find3M ====================

.

2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 16:47:07.05 ===============

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi and thanks for your help!

After we ran ComboFix, we initially had trouble reopening the ComboFix log and application files after saving; received the message "Illegal operation attempted on a registry key that has been marked for deletion." Windows Explorer automatically restarted and that fixed itself but still the message persists whenever we attempt to save a DDS log. If not saved very immediately, Notepad will shut itself down and we lose the information.

However, all scans were successful. Below are the logs for MBAM, ComboFix and DDS.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7084

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

7/12/2011 6:39:05 PM

mbam-log-2011-07-12 (18-39-04).txt

Scan type: Quick scan

Objects scanned: 152973

Time elapsed: 49 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------

ComboFix Log:

ComboFix 11-07-12.04 - PCUSER 07/12/2011 19:25:19.1.1 - x86

Running from: c:\users\PCUSER\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))

.

.

2011-07-13 03:07 . 2011-07-13 03:09 -------- d-----w- c:\users\PCUSER\AppData\Local\temp

2011-07-13 03:07 . 2011-07-13 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-13 01:21 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{938C2E8D-2DAA-49BA-BF70-791EAAA72B43}\mpengine.dll

2011-07-08 18:11 . 2011-07-08 18:44 -------- d-----w- c:\program files\SpeedFan

2011-07-06 16:43 . 2011-07-06 16:43 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Malwarebytes

2011-07-06 16:43 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 16:43 . 2011-07-06 16:43 -------- d-----w- c:\programdata\Malwarebytes

2011-07-06 16:43 . 2011-07-06 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-06 16:43 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 04:10 . 2011-07-04 04:10 -------- d-----w- c:\users\PCUSER\AppData\Local\HP Guide

2011-07-04 03:59 . 2011-07-04 03:59 -------- d-----w- c:\users\PCUSER\AppData\Roaming\VSRevoGroup

2011-06-30 20:19 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-30 20:19 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-30 20:19 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-30 19:33 . 2011-06-30 19:33 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-30 19:33 . 2011-06-30 19:33 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-06-30 19:33 . 2011-06-30 19:33 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-30 19:33 . 2011-06-30 19:33 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-06-30 19:33 . 2011-06-30 19:33 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-06-30 19:33 . 2011-06-30 19:33 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-06-30 19:33 . 2011-06-30 19:33 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-06-30 19:33 . 2011-06-30 19:33 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-06-30 18:25 . 2011-06-30 18:25 -------- d-----w- c:\users\PCUSER\AppData\Local\Seven Zip

2011-06-30 10:00 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-06-29 18:01 . 2011-06-29 18:01 -------- d-----w- c:\program files\Infogrames

2011-06-29 17:20 . 2011-06-29 17:20 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Broken Sword 2.5

2011-06-29 17:16 . 2011-06-29 17:17 -------- d-----w- c:\program files\Broken Sword 2.5

2011-06-29 17:10 . 2011-06-29 17:26 -------- d-----w- c:\program files\PowerISO

2011-06-29 16:33 . 2003-03-16 07:15 90112 ----a-w- c:\windows\unvise32.exe

2011-06-29 15:44 . 2011-06-29 15:44 -------- d-----w- c:\program files\THQ

2011-06-29 15:10 . 2011-06-29 15:10 -------- d-----w- c:\program files\7-Zip

2011-06-29 14:56 . 2011-06-29 14:57 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Roxio

2011-06-29 14:52 . 2011-06-29 14:52 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-29 14:52 . 2011-06-29 14:52 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-29 14:52 . 2011-06-29 14:52 -------- d-----w- c:\program files\OpenAL

2011-06-29 14:52 . 2009-06-03 18:25 809496 ----a-r- c:\windows\system32\tmp842F.tmp

2011-06-29 14:48 . 2011-06-30 19:33 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-06-29 14:48 . 2011-06-30 19:33 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-06-29 14:42 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-29 13:44 . 2011-06-29 16:11 -------- d-----w- C:\Games

2011-06-29 12:07 . 2011-06-29 12:07 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-06-29 12:06 . 2011-06-29 12:08 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-06-29 12:05 . 2011-06-29 12:11 -------- d-----w- c:\users\PCUSER\AppData\Roaming\DAEMON Tools Lite

2011-06-29 12:05 . 2011-06-29 12:05 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-06-29 11:10 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2011-06-29 11:10 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2011-06-29 11:10 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2011-06-29 11:08 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-06-29 11:08 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-29 11:08 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-06-29 11:06 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-06-29 11:06 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-06-29 11:06 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-06-29 11:06 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-06-29 11:06 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-06-29 11:06 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-06-29 11:04 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-06-29 11:01 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-29 11:00 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-06-29 11:00 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-29 11:00 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-29 10:58 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-29 10:58 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-06-29 10:49 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv

2011-06-29 10:46 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-29 10:45 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-06-29 10:45 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-06-29 10:43 . 2010-12-21 15:42 36864 ----a-w- c:\windows\system32\tsgqec.dll

2011-06-29 10:43 . 2010-12-21 15:42 130560 ----a-w- c:\windows\system32\aaclient.dll

2011-06-29 10:43 . 2010-12-21 12:30 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-06-29 10:43 . 2010-12-21 15:42 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-06-29 10:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-06-29 10:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-29 10:35 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-06-29 10:34 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-06-29 10:29 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-29 10:29 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-29 10:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-29 10:24 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-29 10:24 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-29 10:24 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-06-29 10:24 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-06-29 10:24 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-06-29 10:24 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-06-29 10:24 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-06-29 10:24 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-06-29 10:24 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-06-29 10:24 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-06-29 10:24 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-06-29 10:24 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-06-29 10:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-06-29 10:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-06-29 10:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-06-29 10:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-06-29 10:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-06-29 10:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-06-29 10:11 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-06-29 10:11 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-29 10:11 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-06-29 10:11 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-06-29 10:11 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-06-29 10:10 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-29 10:10 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2011-06-29 10:05 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-29 10:04 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-29 10:04 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-29 10:04 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-29 10:03 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-29 10:01 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 00:15 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-29 00:15 . 2010-04-13 00:29 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-25 02:14 . 2009-10-10 00:47 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-30 19:33 . 2011-06-30 19:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2006-11-06 09:05 106496 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2006-11-10 18:50 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2006-10-18 17:32 472800 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2006-11-06 09:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2006-11-06 09:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2006-12-03 00:32 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-12-07 05:11 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-11-15 06:02 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

2006-10-18 17:56 317152 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-393620101-609248070-4277922102-1000]

"EnableNotificationsRef"=dword:00000002

.

R3 HYGZYORJWX;HYGZYORJWX;c:\users\PCUSER\AppData\Local\Temp\HYGZYORJWX.exe [x]

R3 JDKVZZLYFGPRNOD;JDKVZZLYFGPRNOD;c:\users\PCUSER\AppData\Local\Temp\JDKVZZLYFGPRNOD.exe [x]

R3 MVI;MVI;c:\users\PCUSER\AppData\Local\Temp\MVI.exe [x]

R3 QRTVGTZM;QRTVGTZM;c:\users\PCUSER\AppData\Local\Temp\QRTVGTZM.exe [x]

R3 QTICUKIOVE;QTICUKIOVE;c:\users\PCUSER\AppData\Local\Temp\QTICUKIOVE.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-29 218688]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AXRYRPOW

*Deregistered* - axryrpow

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = about:Tabs

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 111.68.59.70 114.108.192.30

FF - ProfilePath - c:\users\PCUSER\AppData\Roaming\Mozilla\Firefox\Profiles\dyasokj7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe

MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-12 20:08

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-07-12 20:24:48

ComboFix-quarantined-files.txt 2011-07-13 03:24

.

Pre-Run: 31,387,013,120 bytes free

Post-Run: 31,336,005,632 bytes free

.

- - End Of File - - BBB5BD3EAAD374BE672D8C7FBD9CB5F3

------

DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by PCUSER at 21:02:18 on 2011-07-12

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.501.66 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\vssvc.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:Tabs

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 111.68.59.70 114.108.192.30

TCP: Interfaces\{7EB02A15-56DD-435C-87B6-87575E95DC4A} : DhcpNameServer = 203.167.97.66 165.21.83.88

TCP: Interfaces\{98241ED5-6C0F-4FAF-A699-3449C3D3B9E6} : DhcpNameServer = 111.68.59.70 114.108.192.30

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\PCUSER\appdata\roaming\mozilla\firefox\profiles\dyasokj7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-29 218688]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-6 22712]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-1-8 72264]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-8 168776]

SUnknown rootrepeal;rootrepeal; [x]

.

=============== Created Last 30 ================

.

2011-07-13 03:25:25 -------- d-----w- c:\users\PCUSER\appdata\local\temp

2011-07-13 03:18:10 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-13 01:59:13 208896 ----a-w- c:\windows\MBR.exe

2011-07-13 01:59:07 256000 ----a-w- c:\windows\PEV.exe

2011-07-13 01:59:06 518144 ----a-w- c:\windows\SWREG.exe

2011-07-13 01:59:05 98816 ----a-w- c:\windows\sed.exe

2011-07-13 01:58:04 -------- d-----w- C:\ComboFix

2011-07-13 01:21:42 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{938c2e8d-2daa-49ba-bf70-791eaaa72b43}\mpengine.dll

2011-07-08 18:11:14 -------- d-----w- c:\program files\SpeedFan

2011-07-06 16:43:16 -------- d-----w- c:\users\PCUSER\appdata\roaming\Malwarebytes

2011-07-06 16:43:04 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 16:43:03 -------- d-----w- c:\programdata\Malwarebytes

2011-07-06 16:43:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 16:43:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-04 04:10:01 -------- d-----w- c:\users\PCUSER\appdata\local\HP Guide

2011-07-04 03:59:38 -------- d-----w- c:\users\PCUSER\appdata\roaming\VSRevoGroup

2011-06-30 20:19:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-30 20:19:19 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-06-30 20:19:15 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-30 19:33:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-30 19:33:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-30 19:33:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-30 19:33:44 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-30 19:33:44 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-30 19:33:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-30 19:33:43 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-30 19:33:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-30 18:25:13 -------- d-----w- c:\users\PCUSER\appdata\local\Seven Zip

2011-06-30 10:00:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-06-29 18:01:15 -------- d-----w- c:\program files\Infogrames

2011-06-29 17:20:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\Broken Sword 2.5

2011-06-29 17:16:33 -------- d-----w- c:\program files\Broken Sword 2.5

2011-06-29 17:10:27 -------- d-----w- c:\program files\PowerISO

2011-06-29 16:33:10 90112 ----a-w- c:\windows\unvise32.exe

2011-06-29 15:44:55 -------- d-----w- c:\program files\THQ

2011-06-29 14:52:10 809496 ----a-r- c:\windows\system32\tmp842F.tmp

2011-06-29 14:52:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-29 14:52:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-29 14:52:10 -------- d-----w- c:\program files\OpenAL

2011-06-29 14:48:37 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-29 14:48:36 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-29 14:42:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-29 14:34:25 -------- d--h--w- c:\windows\msdownld.tmp

2011-06-29 14:34:17 -------- d-----w- c:\windows\system32\directx

2011-06-29 13:44:12 -------- d-----w- C:\Games

2011-06-29 12:07:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-06-29 12:06:59 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-06-29 11:10:04 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2011-06-29 11:10:04 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2011-06-29 11:10:03 515584 ----a-w- c:\program files\windows mail\wab.exe

2011-06-29 11:08:15 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-06-29 11:08:14 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-29 11:08:14 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-06-29 11:06:38 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll

2011-06-29 11:06:38 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2011-06-29 11:06:37 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll

2011-06-29 11:06:37 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2011-06-29 11:06:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2011-06-29 11:06:36 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-06-29 11:04:35 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-06-29 11:01:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-29 11:00:26 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-06-29 11:00:24 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-29 11:00:21 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-29 10:58:14 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-29 10:58:14 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-06-29 10:49:29 258048 ----a-w- c:\windows\system32\winspool.drv

2011-06-29 10:46:44 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-29 10:45:40 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-06-29 10:45:38 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-06-29 10:43:04 36864 ----a-w- c:\windows\system32\tsgqec.dll

2011-06-29 10:43:04 130560 ----a-w- c:\windows\system32\aaclient.dll

2011-06-29 10:43:03 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-06-29 10:43:02 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-06-29 10:42:28 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-06-29 10:39:25 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-29 10:35:37 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-06-29 10:34:04 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-06-29 10:29:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-29 10:29:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-29 10:28:25 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-29 10:24:41 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-29 10:24:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-06-29 10:24:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-29 10:24:34 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-06-29 10:24:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-06-29 10:24:23 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-06-29 10:24:23 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-06-29 10:24:23 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-06-29 10:24:22 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-06-29 10:24:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-06-29 10:24:22 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-06-29 10:24:21 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-06-29 10:22:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-06-29 10:22:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-06-29 10:15:55 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-06-29 10:15:54 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-06-29 10:15:54 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-06-29 10:15:53 322560 ----a-w- c:\windows\system32\sbe.dll

2011-06-29 10:11:30 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-06-29 10:11:29 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-29 10:11:29 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-06-29 10:11:28 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-06-29 10:11:27 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-06-29 10:10:38 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-29 10:10:18 81920 ----a-w- c:\windows\system32\consent.exe

2011-06-29 10:05:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-29 10:04:08 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-29 10:04:07 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-29 10:04:06 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-29 10:03:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-06-29 10:01:25 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 00:15:17 411368 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-29 00:15:17 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-06-15 08:23:56 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

==================== Find3M ====================

.

2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 21:05:21.39 ===============


Here are the ComboFix and DDS logs. ComboFix reported an error after running: "Illegal operation attempted on the registry key." Not sure what it means.

ComboFix 11-07-17.01 - PCUSER 07/17/2011 18:46:35.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.501.126 [GMT -7:00]

Running from: c:\users\PCUSER\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))

.

.

2011-07-18 01:57 . 2011-07-18 01:58 -------- d-----w- c:\users\PCUSER\AppData\Local\temp

2011-07-18 01:57 . 2011-07-18 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-16 10:06 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-16 10:00 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 10:00 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-16 08:38 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{884E9783-59F8-4966-A6D2-91415B55251D}\mpengine.dll

2011-07-08 18:11 . 2011-07-08 18:44 -------- d-----w- c:\program files\SpeedFan

2011-07-06 16:43 . 2011-07-06 16:43 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Malwarebytes

2011-07-06 16:43 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 16:43 . 2011-07-06 16:43 -------- d-----w- c:\programdata\Malwarebytes

2011-07-06 16:43 . 2011-07-06 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-06 16:43 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 04:10 . 2011-07-04 04:10 -------- d-----w- c:\users\PCUSER\AppData\Local\HP Guide

2011-07-04 03:59 . 2011-07-04 03:59 -------- d-----w- c:\users\PCUSER\AppData\Roaming\VSRevoGroup

2011-06-30 20:19 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-30 20:19 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-30 20:19 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-30 19:33 . 2011-06-30 19:33 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-30 19:33 . 2011-06-30 19:33 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-06-30 19:33 . 2011-06-30 19:33 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-30 19:33 . 2011-06-30 19:33 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-06-30 19:33 . 2011-06-30 19:33 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-06-30 19:33 . 2011-06-30 19:33 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-06-30 19:33 . 2011-06-30 19:33 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-06-30 19:33 . 2011-06-30 19:33 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-06-30 18:25 . 2011-06-30 18:25 -------- d-----w- c:\users\PCUSER\AppData\Local\Seven Zip

2011-06-30 10:00 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-06-29 18:01 . 2011-06-29 18:01 -------- d-----w- c:\program files\Infogrames

2011-06-29 17:20 . 2011-06-29 17:20 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Broken Sword 2.5

2011-06-29 17:16 . 2011-06-29 17:17 -------- d-----w- c:\program files\Broken Sword 2.5

2011-06-29 17:10 . 2011-06-29 17:26 -------- d-----w- c:\program files\PowerISO

2011-06-29 16:33 . 2003-03-16 07:15 90112 ----a-w- c:\windows\unvise32.exe

2011-06-29 15:44 . 2011-06-29 15:44 -------- d-----w- c:\program files\THQ

2011-06-29 15:10 . 2011-06-29 15:10 -------- d-----w- c:\program files\7-Zip

2011-06-29 14:56 . 2011-06-29 14:57 -------- d-----w- c:\users\PCUSER\AppData\Roaming\Roxio

2011-06-29 14:52 . 2011-06-29 14:52 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-29 14:52 . 2011-06-29 14:52 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-29 14:52 . 2011-06-29 14:52 -------- d-----w- c:\program files\OpenAL

2011-06-29 14:52 . 2009-06-03 18:25 809496 ----a-r- c:\windows\system32\tmp842F.tmp

2011-06-29 14:48 . 2011-06-30 19:33 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-06-29 14:48 . 2011-06-30 19:33 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-06-29 14:42 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-29 13:44 . 2011-06-29 16:11 -------- d-----w- C:\Games

2011-06-29 12:07 . 2011-06-29 12:07 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-06-29 12:06 . 2011-06-29 12:08 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-06-29 12:05 . 2011-06-29 12:11 -------- d-----w- c:\users\PCUSER\AppData\Roaming\DAEMON Tools Lite

2011-06-29 12:05 . 2011-06-29 12:05 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-06-29 11:10 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2011-06-29 11:10 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2011-06-29 11:10 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2011-06-29 11:08 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-06-29 11:08 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-29 11:08 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-06-29 11:06 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-06-29 11:06 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-06-29 11:06 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-06-29 11:06 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-06-29 11:06 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-06-29 11:06 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-06-29 11:04 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-06-29 11:01 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-29 11:00 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-06-29 11:00 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-29 11:00 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-29 10:58 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-29 10:58 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-06-29 10:49 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv

2011-06-29 10:46 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-29 10:45 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-06-29 10:45 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-06-29 10:43 . 2010-12-21 15:42 36864 ----a-w- c:\windows\system32\tsgqec.dll

2011-06-29 10:43 . 2010-12-21 15:42 130560 ----a-w- c:\windows\system32\aaclient.dll

2011-06-29 10:43 . 2010-12-21 12:30 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-06-29 10:43 . 2010-12-21 15:42 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-06-29 10:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-06-29 10:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-29 10:34 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-06-29 10:29 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-29 10:29 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-29 10:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-29 10:24 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-29 10:24 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-29 10:24 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-06-29 10:24 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-06-29 10:24 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-06-29 10:24 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-06-29 10:24 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-06-29 10:24 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-06-29 10:24 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-06-29 10:24 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-06-29 10:24 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-06-29 10:24 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-06-29 10:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-06-29 10:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-06-29 10:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-06-29 10:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-06-29 10:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-06-29 10:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-06-29 10:11 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-06-29 10:11 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-29 10:11 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-06-29 10:11 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-06-29 10:11 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-06-29 10:10 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-29 10:10 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2011-06-29 10:05 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-29 10:04 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-29 10:04 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-29 10:04 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-29 10:03 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-29 10:01 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 00:15 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-29 00:15 . 2010-04-13 00:29 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-05-25 02:14 . 2009-10-10 00:47 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-30 19:33 . 2011-06-30 19:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2006-11-06 09:05 106496 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2006-11-10 18:50 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2006-10-18 17:32 472800 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2006-11-06 09:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2006-11-06 09:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2006-12-03 00:32 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-12-07 05:11 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-11-15 06:02 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

2006-10-18 17:56 317152 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-393620101-609248070-4277922102-1000]

"EnableNotificationsRef"=dword:00000002

.

R3 HYGZYORJWX;HYGZYORJWX;c:\users\PCUSER\AppData\Local\Temp\HYGZYORJWX.exe [x]

R3 JDKVZZLYFGPRNOD;JDKVZZLYFGPRNOD;c:\users\PCUSER\AppData\Local\Temp\JDKVZZLYFGPRNOD.exe [x]

R3 MVI;MVI;c:\users\PCUSER\AppData\Local\Temp\MVI.exe [x]

R3 QRTVGTZM;QRTVGTZM;c:\users\PCUSER\AppData\Local\Temp\QRTVGTZM.exe [x]

R3 QTICUKIOVE;QTICUKIOVE;c:\users\PCUSER\AppData\Local\Temp\QTICUKIOVE.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-29 218688]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = about:Tabs

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 111.68.59.70 114.108.192.30

FF - ProfilePath - c:\users\PCUSER\AppData\Roaming\Mozilla\Firefox\Profiles\dyasokj7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-17 18:58

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-07-17 19:05:31

ComboFix-quarantined-files.txt 2011-07-18 02:04

ComboFix2.txt 2011-07-13 03:24

.

Pre-Run: 31,505,907,712 bytes free

Post-Run: 31,605,407,744 bytes free

.

- - End Of File - - B0131AAE3BC08F96D0CA0BD6B5E6E286

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by PCUSER at 19:38:20 on 2011-07-17

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.501.74 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:Tabs

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 111.68.59.70 114.108.192.30

TCP: Interfaces\{7EB02A15-56DD-435C-87B6-87575E95DC4A} : DhcpNameServer = 203.167.97.66 165.21.83.88

TCP: Interfaces\{98241ED5-6C0F-4FAF-A699-3449C3D3B9E6} : DhcpNameServer = 111.68.59.70 114.108.192.30

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\PCUSER\appdata\roaming\mozilla\firefox\profiles\dyasokj7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-29 218688]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-8 104000]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2006-11-30 144960]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2006-11-30 54872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-6 22712]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-1-8 72264]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-8 168776]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-6 366640]

S3 HYGZYORJWX;HYGZYORJWX;c:\users\PCUSER\appdata\local\temp\hygzyorjwx.exe --> c:\users\PCUSER\appdata\local\temp\HYGZYORJWX.exe [?]

S3 JDKVZZLYFGPRNOD;JDKVZZLYFGPRNOD;c:\users\PCUSER\appdata\local\temp\jdkvzzlyfgprnod.exe --> c:\users\PCUSER\appdata\local\temp\JDKVZZLYFGPRNOD.exe [?]

S3 MVI;MVI;c:\users\PCUSER\appdata\local\temp\mvi.exe --> c:\users\PCUSER\appdata\local\temp\MVI.exe [?]

S3 QRTVGTZM;QRTVGTZM;c:\users\PCUSER\appdata\local\temp\qrtvgtzm.exe --> c:\users\PCUSER\appdata\local\temp\QRTVGTZM.exe [?]

S3 QTICUKIOVE;QTICUKIOVE;c:\users\PCUSER\appdata\local\temp\qticukiove.exe --> c:\users\PCUSER\appdata\local\temp\QTICUKIOVE.exe [?]

.

=============== Created Last 30 ================

.

2011-07-18 02:05:39 -------- d-----w- c:\users\PCUSER\appdata\local\temp

2011-07-18 02:02:33 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-18 01:42:55 -------- d-----w- C:\ComboFix

2011-07-16 10:06:33 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-16 10:00:46 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 10:00:39 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-16 08:38:13 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{884e9783-59f8-4966-a6d2-91415b55251d}\mpengine.dll

2011-07-13 01:59:13 208896 ----a-w- c:\windows\MBR.exe

2011-07-13 01:59:07 256000 ----a-w- c:\windows\PEV.exe

2011-07-13 01:59:06 518144 ----a-w- c:\windows\SWREG.exe

2011-07-13 01:59:05 98816 ----a-w- c:\windows\sed.exe

2011-07-08 18:11:14 -------- d-----w- c:\program files\SpeedFan

2011-07-06 16:43:16 -------- d-----w- c:\users\PCUSER\appdata\roaming\Malwarebytes

2011-07-06 16:43:04 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 16:43:03 -------- d-----w- c:\programdata\Malwarebytes

2011-07-06 16:43:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 16:43:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-04 04:10:01 -------- d-----w- c:\users\PCUSER\appdata\local\HP Guide

2011-07-04 03:59:38 -------- d-----w- c:\users\PCUSER\appdata\roaming\VSRevoGroup

2011-06-30 20:19:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-30 20:19:19 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-06-30 20:19:15 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-30 19:33:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-30 19:33:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-30 19:33:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-30 19:33:44 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-30 19:33:44 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-30 19:33:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-30 19:33:43 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-30 19:33:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-30 18:25:13 -------- d-----w- c:\users\PCUSER\appdata\local\Seven Zip

2011-06-30 10:00:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-06-29 18:01:15 -------- d-----w- c:\program files\Infogrames

2011-06-29 17:20:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\Broken Sword 2.5

2011-06-29 17:16:33 -------- d-----w- c:\program files\Broken Sword 2.5

2011-06-29 17:10:27 -------- d-----w- c:\program files\PowerISO

2011-06-29 16:33:10 90112 ----a-w- c:\windows\unvise32.exe

2011-06-29 15:44:55 -------- d-----w- c:\program files\THQ

2011-06-29 14:52:10 809496 ----a-r- c:\windows\system32\tmp842F.tmp

2011-06-29 14:52:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-29 14:52:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-29 14:52:10 -------- d-----w- c:\program files\OpenAL

2011-06-29 14:48:37 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-29 14:48:36 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-29 14:42:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-29 14:34:25 -------- d--h--w- c:\windows\msdownld.tmp

2011-06-29 14:34:17 -------- d-----w- c:\windows\system32\directx

2011-06-29 13:44:12 -------- d-----w- C:\Games

2011-06-29 12:07:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-06-29 12:06:59 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\users\PCUSER\appdata\roaming\DAEMON Tools Lite

2011-06-29 12:05:36 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-06-29 11:10:04 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2011-06-29 11:10:04 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2011-06-29 11:10:03 515584 ----a-w- c:\program files\windows mail\wab.exe

2011-06-29 11:08:15 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-06-29 11:08:14 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-29 11:08:14 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-06-29 11:06:38 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll

2011-06-29 11:06:38 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2011-06-29 11:06:37 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll

2011-06-29 11:06:37 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2011-06-29 11:06:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2011-06-29 11:06:36 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-06-29 11:04:35 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-06-29 11:01:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-29 11:00:26 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-06-29 11:00:24 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-29 11:00:21 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-29 10:58:14 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-29 10:58:14 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-06-29 10:49:29 258048 ----a-w- c:\windows\system32\winspool.drv

2011-06-29 10:46:44 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-29 10:45:40 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-06-29 10:45:38 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-06-29 10:43:04 36864 ----a-w- c:\windows\system32\tsgqec.dll

2011-06-29 10:43:04 130560 ----a-w- c:\windows\system32\aaclient.dll

2011-06-29 10:43:03 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-06-29 10:43:02 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-06-29 10:42:28 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-06-29 10:39:25 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-29 10:34:04 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-06-29 10:29:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-29 10:29:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-29 10:28:25 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-29 10:24:41 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-29 10:24:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-06-29 10:24:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-29 10:24:34 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-06-29 10:24:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-06-29 10:24:23 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-06-29 10:24:23 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-06-29 10:24:23 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-06-29 10:24:22 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-06-29 10:24:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-06-29 10:24:22 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-06-29 10:24:21 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-06-29 10:22:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-06-29 10:22:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-06-29 10:15:55 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-06-29 10:15:54 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-06-29 10:15:54 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-06-29 10:15:53 322560 ----a-w- c:\windows\system32\sbe.dll

2011-06-29 10:11:30 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-06-29 10:11:29 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-29 10:11:29 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-06-29 10:11:28 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-06-29 10:11:27 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-06-29 10:10:38 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-29 10:10:18 81920 ----a-w- c:\windows\system32\consent.exe

2011-06-29 10:05:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-29 10:04:08 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-29 10:04:07 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-29 10:04:06 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-29 10:03:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-06-29 10:01:25 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 00:15:17 411368 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-29 00:15:17 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

==================== Find3M ====================

.

2011-06-15 08:23:56 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 19:39:40.34 ===============


  • Staff

Restart your computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hello. I have run the programs you have suggested. Log.txt from ESET is 1st text below, and your security check program is after. Oddly, since we disabled Internet Explorer add-ons (including Java TM Plug-in 2 ssv helper, which took 7 seconds to load!) and ESET started, the computer is running much faster!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.17

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee VirusScan Enterprise

McAfee AntiSpyware Enterprise Module

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 20

Java SE Runtime Environment 6

Java 6 Update 2

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 9 (Out of date Flash Player installed!)

Flash Player Out of Date!

Adobe Flash Player 10.0.45.2

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

system32 OnlineCmdLineScanner.exe -?-

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 20

Java™ SE Runtime Environment 6

Java™ 6 Update 2

Java™ 6 Update 7

Adobe Flash Player 9

Adobe Flash Player 10.0.45.2

ESET Online Scanner v3

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.

-screen317


Hi! After running the new Java and Adobe Flash, the internet pages loaded much much faster. But, like the last time we posted, after we rebooted the computer, it started running very very slow again. After several minutes, the computer starts running much much faster. We're not sure if the computer needs time to warm up and cool down; we suspect that the computer needs its fan(s) replaced because the computer keeps getting unusually warm. Is there anything we need to know about that?

For example, after uninstalling and reinstalling several programs then rebooting again, I couldn't remember whether or not we had run the Defogger.exe (back with the initial mbam and attach files) and I couldn't find it on the desktop. I went into Computer and Windows Explorer would not respond. 15 minutes later, it is back to running normally.

Also, "Notepad has stopped working" still pops up after trying to search for a file to open and closes automatically. (Wordpad works however.) Whenever we check the Windows Updates in the control panel, as is the recommended fix, it always shows up "Windows is up to date."


  • Staff

Hmm.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

Link to post
Share on other sites

Ok. thanks for your help. Is there anything I need to do with my computer before I try to add more ram or fix the fans? I couldn't find the debugger.exe application on my desktop last time.... how can I make sure my CD emulation drivers are still working? Is there anything else we should uninstall?


  • Staff

Please download DeFogger to your Desktop.

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Also delete DDS and any associated logs. Let me know if there's anything else I can help with.


  • Staff

Hi,

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Reboot. If the error persists, please post a picture of it.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


We also switched from McAfee to Microsoft Security Essentials though we use Windows Firewall. In the article you posted, they recommended other firewalls for Windows XP. Considering there was a registry key problem last time, would you recommend a good free firewall or sticking to Windows Firewall?

Otherwise, we did those installations and replaced the 512MB with 2GB and thus far the computer is working quickly and well. However, I do have a question about the heat. I played an application. The keyboard started warming up after about 15 minutes into it. After an hour, I ran Speedfan. I'm not sure if you're familiar with it, but the Readings came up with:

Found ACPI temperature

Found Intel® Celeron ® M CPU 440 @ 1.86 GHz

End of detection

(flame icon) HD0: 50C

(flame icon) Temp1: 72C

(downwards arrow) Temp2: 27C

(flame icon) Core 0: 69C

Are these normal temperatures? To me, the trackpad becomes uncomfortable. Would you recommend getting the fan or fans (is there more than one?) cleaned out by a technician or replaced? Do we risk damaging the internal hardware?

Thanks for your help!

  • Staff

The one that comes with Vista should be sufficient. If you're looking for one with additional features and customization, I recommend the following:

Sunbelt Personal Firewall

Comodo

Outpost

Those temperatures are on the high side and I would recommend having a technician clean out the fans and heatsinks to ensure adequate airflow. Purchasing an additional fan for the laptop to sit on may also be a good idea.

Link to post
Share on other sites

Thank you so much for your help. We're kinda procrastinating but the computer works so much faster and better than it did before. We also thought your program several takes ago was a neat little program. Again, thank you so much for your help and your advice!!!

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.