Original pc with problem [Computer 2]


3 replies to this topic

#1 Davich

  • Members
  • 6 posts

Posted 16 July 2009 - 07:27 AM

I thought I'd post this PC's info to see if the problem can be removed from this one to stop it spreading.

Thanks. :)



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 22:12:50.09 on Thu 16/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2327 [GMT 10:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dvdcopyrip.com
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:5656
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mWinlogon: Taskman=c:\recycler\s-1-5-21-5036265840-4992420700-800395645-0678\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243351487515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\gcv0s7le.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-27 310320]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-6-29 11264]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-27 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-27 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090712.001\IDSXpx86.sys [2009-7-15 276344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-5 195856]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-27 115560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-6-3 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-27 101936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-5 19096]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090715.067\NAVENG.SYS [2009-7-16 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090715.067\NAVEX15.SYS [2009-7-16 875728]

=============== Created Last 30 ================

2009-07-15 21:30 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-07-15 21:30 <DIR> --d----- c:\program files\AquaSoft
2009-07-15 21:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{A95EC968-6BC7-445F-B809-2DC5D26BA624}
2009-07-14 00:09 <DIR> --d----- c:\program files\Undo Delete Trial
2009-07-13 23:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Thinstall
2009-07-13 22:46 <DIR> --d----- c:\program files\WBFS
2009-07-12 00:15 838,097 a------- C:\yep.kml
2009-07-12 00:13 31,744 a------- C:\Copy of iGO.db
2009-07-11 23:53 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-07-11 23:53 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-07-11 23:52 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-11 23:48 <DIR> --d----- c:\program files\iGO POI Explorer beta
2009-07-11 23:44 31,744 a------- C:\iGO.db
2009-07-11 22:22 <DIR> --d----- C:\New Folder
2009-07-11 22:09 28,672 a------- c:\windows\system32\drivers\wceusbsh.sys
2009-07-11 22:09 28,672 a------- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-11 20:17 <DIR> --d----- c:\program files\Mio DigiWalker
2009-07-11 20:07 <DIR> --d----- c:\program files\VideoLAN
2009-07-11 19:40 <DIR> --d----- c:\windows\yep
2009-07-09 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-09 18:50 <DIR> --d----- c:\program files\Security Task Manager
2009-07-08 19:01 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-08 14:02 0 a------- c:\windows\system32\winhelper.dll
2009-07-05 22:23 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-07-05 22:23 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 22:23 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 16:16 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-05 16:16 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-06-29 22:12 <DIR> --d----- c:\program files\yamipod
2009-06-29 16:57 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Preferences
2009-06-29 16:54 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Audio
2009-06-29 16:52 <DIR> --d----- c:\program files\Waves
2009-06-29 15:08 <DIR> --d----- c:\docume~1\compaq~1\applic~1\OpenOffice.org
2009-06-29 14:57 <DIR> --d----- c:\program files\JRE
2009-06-29 14:57 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-29 14:57 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-29 14:57 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-29 10:57 611,840 a------- c:\windows\system32\vobhw.dll
2009-06-29 10:57 153,088 a------- c:\windows\system32\IWUninstall.exe
2009-06-29 10:57 19,456 a------- c:\windows\system32\asapi.dll
2009-06-29 10:57 11,264 a------- c:\windows\system32\drivers\asapi.sys
2009-06-29 10:57 <DIR> --d----- c:\program files\VOB
2009-06-26 22:35 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-26 22:35 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-06-26 20:29 188,416 a------- c:\windows\system32\CNQ4805O.DLL
2009-06-26 20:29 1,400,832 a------- c:\windows\system32\CNQ4805C.DLL
2009-06-26 20:29 212,992 a------- c:\windows\system32\CNQ4805L.DLL
2009-06-26 20:29 98,304 a------- c:\windows\system32\CNQ4805I.DLL
2009-06-22 19:26 <DIR> --d----- c:\program files\common files\Control Panels
2009-06-22 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-06-22 18:42 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-06-22 18:42 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-06-22 18:36 <DIR> --d----- c:\program files\Bonjour
2009-06-22 18:32 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-22 18:22 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-06-19 19:27 12,032 -------- c:\windows\system32\dllcache\sffdisk.sys
2009-06-19 19:27 78,720 -------- c:\windows\system32\dllcache\sdbus.sys
2009-06-19 19:27 11,008 -------- c:\windows\system32\dllcache\sffp_sd.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\dllcache\sffp_mmc.sys
2009-06-17 19:05 <DIR> --d----- c:\program files\Extra Photo Slide Show

==================== Find3M ====================

2009-06-03 22:43 368,640 a------- c:\windows\system32\ReWire.dll
2009-06-03 22:43 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-05-31 16:05 778,257,984 a------- C:\Pink_ECD_missunadztood.bin
2009-05-31 16:00 693,099,120 a------- C:\pink - cant take me home.bin
2009-05-31 15:19 515,064,480 a------- C:\pink - funhouse.bin
2009-05-27 13:38 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-27 13:38 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-27 13:38 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-27 13:38 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-27 13:38 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-27 01:15 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-05-26 19:04 1,758 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RC626AA-ABG SR1915AN AP640_YC_0Pres_QCNX635_E64APheREA1_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXH2_L409_M3071_J500_7AMD_8Sempron_91.8_#060928_N_Z_G_OTSSTcorp CD DVDW TS-H652L_D.MRK
2009-05-08 01:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-08 01:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-27 19:29 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2007-07-12 06:28 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 22:13:30.43 ===============

MALWAREBYTES LOG.


c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-27 310320]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-6-29 11264]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-27 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-27 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090712.001\IDSXpx86.sys [2009-7-15 276344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-5 195856]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-27 115560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-6-3 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-27 101936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-5 19096]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090715.067\NAVENG.SYS [2009-7-16 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090715.067\NAVEX15.SYS [2009-7-16 875728]

=============== Created Last 30 ================

2009-07-15 21:30 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-07-15 21:30 <DIR> --d----- c:\program files\AquaSoft
2009-07-15 21:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{A95EC968-6BC7-445F-B809-2DC5D26BA624}
2009-07-14 00:09 <DIR> --d----- c:\program files\Undo Delete Trial
2009-07-13 23:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Thinstall
2009-07-13 22:46 <DIR> --d----- c:\program files\WBFS
2009-07-12 00:15 838,097 a------- C:\yep.kml
2009-07-12 00:13 31,744 a------- C:\Copy of iGO.db
2009-07-11 23:53 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-07-11 23:53 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-07-11 23:52 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-11 23:48 <DIR> --d----- c:\program files\iGO POI Explorer beta
2009-07-11 23:44 31,744 a------- C:\iGO.db
2009-07-11 22:22 <DIR> --d----- C:\New Folder
2009-07-11 22:09 28,672 a------- c:\windows\system32\drivers\wceusbsh.sys
2009-07-11 22:09 28,672 a------- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-11 20:17 <DIR> --d----- c:\program files\Mio DigiWalker
2009-07-11 20:07 <DIR> --d----- c:\program files\VideoLAN
2009-07-11 19:40 <DIR> --d----- c:\windows\yep
2009-07-09 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-09 18:50 <DIR> --d----- c:\program files\Security Task Manager
2009-07-08 19:01 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-08 14:02 0 a------- c:\windows\system32\winhelper.dll
2009-07-05 22:23 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-07-05 22:23 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 22:23 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 16:16 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-05 16:16 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-06-29 22:12 <DIR> --d----- c:\program files\yamipod
2009-06-29 16:57 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Preferences
2009-06-29 16:54 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Audio
2009-06-29 16:52 <DIR> --d----- c:\program files\Waves
2009-06-29 15:08 <DIR> --d----- c:\docume~1\compaq~1\applic~1\OpenOffice.org
2009-06-29 14:57 <DIR> --d----- c:\program files\JRE
2009-06-29 14:57 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-29 14:57 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-29 14:57 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-29 10:57 611,840 a------- c:\windows\system32\vobhw.dll
2009-06-29 10:57 153,088 a------- c:\windows\system32\IWUninstall.exe
2009-06-29 10:57 19,456 a------- c:\windows\system32\asapi.dll
2009-06-29 10:57 11,264 a------- c:\windows\system32\drivers\asapi.sys
2009-06-29 10:57 <DIR> --d----- c:\program files\VOB
2009-06-26 22:35 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-26 22:35 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-06-26 20:29 188,416 a------- c:\windows\system32\CNQ4805O.DLL
2009-06-26 20:29 1,400,832 a------- c:\windows\system32\CNQ4805C.DLL
2009-06-26 20:29 212,992 a------- c:\windows\system32\CNQ4805L.DLL
2009-06-26 20:29 98,304 a------- c:\windows\system32\CNQ4805I.DLL
2009-06-22 19:26 <DIR> --d----- c:\program files\common files\Control Panels
2009-06-22 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-06-22 18:42 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-06-22 18:42 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-06-22 18:36 <DIR> --d----- c:\program files\Bonjour
2009-06-22 18:32 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-22 18:22 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-06-19 19:27 12,032 -------- c:\windows\system32\dllcache\sffdisk.sys
2009-06-19 19:27 78,720 -------- c:\windows\system32\dllcache\sdbus.sys
2009-06-19 19:27 11,008 -------- c:\windows\system32\dllcache\sffp_sd.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\dllcache\sffp_mmc.sys
2009-06-17 19:05 <DIR> --d----- c:\program files\Extra Photo Slide Show

==================== Find3M ====================

2009-06-03 22:43 368,640 a------- c:\windows\system32\ReWire.dll
2009-06-03 22:43 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-05-31 16:05 778,257,984 a------- C:\Pink_ECD_missunadztood.bin
2009-05-31 16:00 693,099,120 a------- C:\pink - cant take me home.bin
2009-05-31 15:19 515,064,480 a------- C:\pink - funhouse.bin
2009-05-27 13:38 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-27 13:38 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-27 13:38 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-27 13:38 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-27 13:38 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-27 01:15 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-05-26 19:04 1,758 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RC626AA-ABG SR1915AN AP640_YC_0Pres_QCNX635_E64APheREA1_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXH2_L409_M3071_J500_7AMD_8Sempron_91.8_#060928_N_Z_G_OTSSTcorp CD DVDW TS-H652L_D.MRK
2009-05-08 01:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-08 01:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-27 19:29 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2007-07-12 06:28 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 22:13:30.43 ===============

P.S. REMOVER BACKDOOR.BOT

Edited by Davich, 16 July 2009 - 07:29 AM.


#2 Davich (Topic Starter, Members, 6 posts)

Posted 18 July 2009 - 06:15 AM

Back again. My browser opened up and was telling me I have viruses. The page was Advanced Virus Remover. I've looked for help, and a lot of info exists but does not help me. File names and registry entries are different.

I assume it's going under a different name but can not work out what it is.

:thumbup2: It's an annoying and nasty bugger once it gets moving.



Help please.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 21:13:37.84 on Sat 18/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2268 [GMT 10:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dvdcopyrip.com
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:5656
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
mWinlogon: Taskman=c:\recycler\s-1-5-21-5036265840-4992420700-800395645-0678\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243351487515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\gcv0s7le.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-27 310320]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-6-29 11264]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-27 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-27 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-18 276344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-5 195856]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-27 115560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-6-3 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-27 101936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-5 19096]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090717.050\NAVENG.SYS [2009-7-18 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090717.050\NAVEX15.SYS [2009-7-18 875728]

=============== Created Last 30 ================

2009-07-18 18:21 43,602 a------- c:\windows\system32\xvid-uninstall.exe
2009-07-18 18:20 <DIR> --d----- c:\program files\AviSynth 2.5
2009-07-18 18:20 <DIR> --d----- c:\program files\AutoGK
2009-07-15 21:30 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-07-15 21:30 <DIR> --d----- c:\program files\AquaSoft
2009-07-15 21:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{A95EC968-6BC7-445F-B809-2DC5D26BA624}
2009-07-14 00:09 <DIR> --d----- c:\program files\Undo Delete Trial
2009-07-13 23:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Thinstall
2009-07-13 22:46 <DIR> --d----- c:\program files\WBFS
2009-07-12 00:15 838,097 a------- C:\yep.kml
2009-07-12 00:13 31,744 a------- C:\Copy of iGO.db
2009-07-11 23:53 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-07-11 23:53 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-07-11 23:52 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-11 23:48 <DIR> --d----- c:\program files\iGO POI Explorer beta
2009-07-11 23:44 31,744 a------- C:\iGO.db
2009-07-11 22:22 <DIR> --d----- C:\New Folder
2009-07-11 22:09 28,672 a------- c:\windows\system32\drivers\wceusbsh.sys
2009-07-11 22:09 28,672 a------- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-11 20:17 <DIR> --d----- c:\program files\Mio DigiWalker
2009-07-11 20:07 <DIR> --d----- c:\program files\VideoLAN
2009-07-11 19:40 <DIR> --d----- c:\windows\yep
2009-07-09 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-09 18:50 <DIR> --d----- c:\program files\Security Task Manager
2009-07-08 19:01 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-08 14:02 0 a------- c:\windows\system32\winhelper.dll
2009-07-05 22:23 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-07-05 22:23 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 22:23 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 16:16 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-05 16:16 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-05 16:16 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-06-29 22:12 <DIR> --d----- c:\program files\yamipod
2009-06-29 16:57 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Preferences
2009-06-29 16:54 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Waves Audio
2009-06-29 16:52 <DIR> --d----- c:\program files\Waves
2009-06-29 15:08 <DIR> --d----- c:\docume~1\compaq~1\applic~1\OpenOffice.org
2009-06-29 14:57 <DIR> --d----- c:\program files\JRE
2009-06-29 14:57 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-29 14:57 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-29 14:57 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-29 10:57 611,840 a------- c:\windows\system32\vobhw.dll
2009-06-29 10:57 153,088 a------- c:\windows\system32\IWUninstall.exe
2009-06-29 10:57 19,456 a------- c:\windows\system32\asapi.dll
2009-06-29 10:57 11,264 a------- c:\windows\system32\drivers\asapi.sys
2009-06-29 10:57 <DIR> --d----- c:\program files\VOB
2009-06-26 22:35 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-26 22:35 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-06-26 20:29 188,416 a------- c:\windows\system32\CNQ4805O.DLL
2009-06-26 20:29 1,400,832 a------- c:\windows\system32\CNQ4805C.DLL
2009-06-26 20:29 212,992 a------- c:\windows\system32\CNQ4805L.DLL
2009-06-26 20:29 98,304 a------- c:\windows\system32\CNQ4805I.DLL
2009-06-22 19:26 <DIR> --d----- c:\program files\common files\Control Panels
2009-06-22 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-06-22 18:42 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-06-22 18:42 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-06-22 18:36 <DIR> --d----- c:\program files\Bonjour
2009-06-22 18:32 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-22 18:22 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-06-19 19:27 12,032 -------- c:\windows\system32\dllcache\sffdisk.sys
2009-06-19 19:27 78,720 -------- c:\windows\system32\dllcache\sdbus.sys
2009-06-19 19:27 11,008 -------- c:\windows\system32\dllcache\sffp_sd.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-06-19 19:27 10,240 -------- c:\windows\system32\dllcache\sffp_mmc.sys

==================== Find3M ====================

2009-06-03 22:43 368,640 a------- c:\windows\system32\ReWire.dll
2009-06-03 22:43 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-05-31 16:05 778,257,984 a------- C:\Pink_ECD_missunadztood.bin
2009-05-31 16:00 693,099,120 a------- C:\pink - cant take me home.bin
2009-05-31 15:19 515,064,480 a------- C:\pink - funhouse.bin
2009-05-27 13:38 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-27 13:38 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-27 13:38 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-27 13:38 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-27 13:38 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-27 01:15 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-05-26 19:04 1,758 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RC626AA-ABG SR1915AN AP640_YC_0Pres_QCNX635_E64APheREA1_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXH2_L409_M3071_J500_7AMD_8Sempron_91.8_#060928_N_Z_G_OTSSTcorp CD DVDW TS-H652L_D.MRK
2009-05-08 01:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-08 01:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-27 19:29 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2007-07-12 06:28 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 21:14:00.59 ===============

#3 Davich (Topic Starter, Members, 6 posts)

Posted 18 July 2009 - 07:10 AM

I ran combofix on both computers and I think it has fixed the problem. I noticed after that the Internet Explorer icon returned to my desktop on both pcs. I don't use it but I think it is a way this virus had caused the problem.

I guess you can close this forum for me if you wish.

Cheers.

#4 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Location: Wills Point, Texas)

Posted 22 July 2009 - 09:19 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
