Malware Help Needed


  • This topic is locked
2 replies to this topic

#1 YesMalwareDoesBite

  • Members
  • 2 posts

Posted 09 April 2010 - 03:32 PM

I have been trying to clean some annoying malware off one of my computers for the last week. Any and all help is much appreciated. Here is the ComboFix log.



ComboFix 10-04-08.06 - ahs 04/09/2010 12:46:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00]
Running from: c:\documents and settings\ahs\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Webroot® Client Security *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3424103056-2704896269-1602444226-500
c:\windows\Downloaded Program Files\t1fonts
c:\windows\Downloaded Program Files\t1fonts\Adobe-GB1.cidToUnicode
c:\windows\Downloaded Program Files\t1fonts\Adobe-Japan1.cidToUnicode
c:\windows\Downloaded Program Files\t1fonts\CMap\78-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78ms-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78ms-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\83pv-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\90msp-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90msp-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-UCS2C
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-0
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-1
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-3
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-4
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-0
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-1
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-3
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-4
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK2K-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK2K-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBKp-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBKp-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-UCS2C
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBTpc-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBTpc-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\H
c:\windows\Downloaded Program Files\t1fonts\CMap\Hankaku
c:\windows\Downloaded Program Files\t1fonts\CMap\Hiragana
c:\windows\Downloaded Program Files\t1fonts\CMap\Katakana
c:\windows\Downloaded Program Files\t1fonts\CMap\NWP-H
c:\windows\Downloaded Program Files\t1fonts\CMap\NWP-V
c:\windows\Downloaded Program Files\t1fonts\CMap\RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Roman
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UCS2-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF16-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF16-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF8-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-HW-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-HW-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF16-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF16-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF8-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UCS2-HW-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\V
c:\windows\Downloaded Program Files\t1fonts\CMap\WP-Symbol
c:\windows\Downloaded Program Files\t1fonts\d050000l.pfb
c:\windows\Downloaded Program Files\t1fonts\EUC-CN.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\EUC-JP.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\GBK.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\ISO-2022-CN.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\ISO-2022-JP.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\n019003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019024l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021024l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022024l.pfb
c:\windows\Downloaded Program Files\t1fonts\s050000l.pfb
c:\windows\Downloaded Program Files\t1fonts\Shift-JIS.unicodeMap
c:\windows\system32\ddabbb.dll
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\opqqpq.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\Temp\tmp3.tmp

----- BITS: Possible infected sites -----

hxxp://liveupdate.symantec.com
.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 16:14 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 16:14 . 2010-04-09 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 16:14 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 15:51 . 2010-04-09 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 15:07 . 2010-04-09 15:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-09 15:07 . 2010-04-09 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-09 15:07 . 2010-04-09 15:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-09 11:58 . 2010-04-09 11:58 94720 ---ha-w- c:\windows\system32\efcccb.dll
2010-04-09 05:15 . 2010-04-09 14:11 -------- d-----w- c:\windows\system32\drivers\NIS
2010-04-09 05:15 . 2010-04-09 05:15 -------- d-----w- c:\program files\Norton Internet Security
2010-04-09 05:14 . 2010-04-09 05:14 -------- d-----w- c:\program files\NortonInstaller
2010-04-09 00:15 . 2010-04-09 00:15 94720 ---ha-w- c:\windows\system32\ljiged.dll
2010-04-08 21:23 . 2010-04-08 21:23 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Identities
2010-04-08 18:13 . 2010-04-09 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 16:19 . 2010-04-08 16:19 -------- d-----w- c:\program files\Windows Sidebar
2010-04-08 12:30 . 2010-04-08 17:24 -------- d-----w- c:\program files\VS Revo Group
2010-04-07 18:33 . 2010-04-07 18:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-04-06 13:17 . 2010-04-08 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-04 15:59 . 2010-04-04 15:59 -------- d-----w- c:\windows\LMIF8.tmp
2010-04-02 23:49 . 2010-04-02 23:54 -------- d-----w- c:\program files\DivX
2010-04-02 23:48 . 2010-04-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-31 02:03 . 2010-03-31 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 01:58 . 2010-03-31 01:59 -------- d-----w- c:\program files\QuickTime
2010-03-31 01:52 . 2010-03-31 01:52 -------- d-----w- c:\program files\Bonjour
2010-03-27 15:07 . 2010-03-29 02:12 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Tific
2010-03-27 15:07 . 2010-04-09 05:21 -------- d-----w- c:\documents and settings\ahs\Application Data\Tific
2010-03-27 15:06 . 2010-04-09 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-27 15:00 . 2010-03-27 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-27 14:37 . 2010-03-27 14:37 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Nero
2010-03-18 18:46 . 2010-03-19 16:17 -------- d-----w- c:\documents and settings\ahs\Application Data\skypePM
2010-03-18 18:46 . 2010-03-18 18:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-18 18:38 . 2010-03-19 19:00 -------- d-----w- c:\documents and settings\ahs\Application Data\Skype
2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 16:59 . 2010-01-19 19:12 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-09 15:40 . 2009-03-18 19:50 -------- d-----w- c:\documents and settings\ahs\Application Data\mjusbsp
2010-04-09 15:32 . 2007-07-16 14:30 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 15:09 . 2007-04-24 22:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 15:07 . 2010-04-09 15:07 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-09 05:21 . 2010-04-09 05:16 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2010-04-09 05:20 . 2007-02-22 01:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-09 05:20 . 2010-04-09 07:41 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVENG.SYS
2010-04-09 05:20 . 2010-04-09 07:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVENG32.DLL
2010-04-09 05:20 . 2010-04-09 07:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVEX32A.DLL
2010-04-09 05:20 . 2010-04-09 07:41 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVEX15.SYS
2010-04-09 05:20 . 2010-04-09 07:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\EECTRL.SYS
2010-04-09 05:20 . 2010-04-09 07:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\CCERASER.DLL
2010-04-09 05:20 . 2010-04-09 07:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\ECMSVR32.DLL
2010-04-09 05:20 . 2010-04-09 07:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\ERASER.SYS
2010-04-09 05:18 . 2007-02-22 00:58 -------- d-----w- c:\program files\Google
2010-04-09 05:16 . 2007-02-22 01:08 -------- d-----w- c:\program files\Symantec
2010-04-09 05:16 . 2008-09-04 19:20 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-09 05:16 . 2008-09-04 19:20 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-22 15:36 . 2010-04-02 23:51 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-22 01:08 . 2007-04-28 16:38 -------- d-----w- c:\program files\dl_cats
2010-03-19 16:17 . 2009-08-18 15:07 -------- d-----w- c:\program files\Common Files\logishrd
2010-03-01 16:50 . 2009-10-30 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-02-28 15:53 . 2010-02-28 15:53 5514304 ----a-w- c:\documents and settings\ahs\Application Data\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-04-09 15:39 6870864 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\setup.exe
2010-02-26 23:51 . 2010-03-02 15:41 6870864 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\Upgrade\setup2.exe
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-04-09 15:39 743872 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\ar00000\install.exe
2010-02-26 23:45 . 2010-03-02 15:41 743872 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\cdloader2.exe
2010-02-25 06:24 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 22:20 . 2010-02-20 22:20 50354 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\uninstall.exe
2010-02-20 22:20 . 2010-02-20 22:20 -------- d-----w- c:\documents and settings\ahs\Application Data\Facebook
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-09 19:13 . 2007-04-24 22:19 24892 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-08 19:52 . 2010-01-27 01:02 -------- d-----w- c:\documents and settings\ahs\Application Data\vlc
2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\documents and settings\ahs\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 01:45 . 2010-04-08 18:16 38784 ----a-w- c:\documents and settings\ahs\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-27 14:36 . 2010-01-27 14:36 503808 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\msvcp71.dll
2010-01-27 14:36 . 2010-01-27 14:36 499712 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\jmc.dll
2010-01-27 14:36 . 2010-01-27 14:36 348160 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\msvcr71.dll
2010-01-27 14:36 . 2010-01-27 14:36 61440 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c9688d0-n\decora-sse.dll
2010-01-27 14:36 . 2010-01-27 14:36 12800 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c9688d0-n\decora-d3d.dll
2010-01-21 14:11 . 2007-04-26 18:40 24160 ----a-w- c:\documents and settings\ahs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2000-06-05 22:47 . 2000-06-05 22:47 32768 ------w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2007-05-18 17:31 . 2007-04-28 16:50 56 --sh--r- c:\windows\system32\77A004A622.sys
2007-05-18 17:31 . 2007-04-28 16:50 3974 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\ahs\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"kheddadrv"="ljiged.dll" [2010-04-09 94720]
"effcbcdrv"="efcccb.dll" [2010-04-09 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"ScanSoft PDF Converter 4-reminder"="c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 35368]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.EXE" [2007-10-25 414064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"sstqrodrv"="ljiged.dll" [2010-04-09 94720]
"gebxwxdrv"="efcccb.dll" [2010-04-09 94720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"pmlkijdrv"="ljiged.dll" [2010-04-09 94720]
"xxvvtudrv"="efcccb.dll" [2010-04-09 94720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-21 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-443285892-922157800-1361943892-6203\Scripts\Logon\0\0]
"Script"=printer.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2006-06-14 12:51 286720 ------w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-15 10:03 307200 ------w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-13 19:16 133104 ----atw- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 12:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-27 11:34 299008 ------w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2006-12-19 06:12 46632 ------w- c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 23:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [4/9/2010 3:40 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [4/9/2010 3:40 AM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [4/9/2010 3:40 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [4/9/2010 3:40 AM 116784]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 11:00 PM 3456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/9/2010 3:41 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100402.001\IDSXpx86.sys [4/9/2010 1:20 AM 329592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61550F6B-DAE3-4CF7-86C1-E823273AB166}]
2009-08-03 14:15 87424 ----a-w- c:\program files\Capital IQ\Excel Plug-in\CIQControlUtilityCLI.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 17:29]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 17:29]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443285892-922157800-1361943892-6203Core.job
- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 19:16]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443285892-922157800-1361943892-6203UA.job
- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {8DA26812-F2DD-498F-90EA-F22C22049FFF} - hxxps://bdr125107.bmcgroup.com/BMCViewer.CAB
FF - ProfilePath - c:\documents and settings\ahs\Application Data\Mozilla\Firefox\Profiles\ab40gs33.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\ahs\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\ahs\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-xxvstudrv - opqqpq.dll
HKLM-Run-fcyaxysys - ddabbb.dll
HKLM-Run-khiggddrv - opqqpq.dll
HKU-Default-Run-qommlmsys - ddabbb.dll
HKU-Default-Run-tuspqqdrv - opqqpq.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 13:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\WRLogonNtf.DLL
c:\windows\system32\ljiged.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ljiged.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sling Media\SlingAgent\SlingAgentService.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Webroot\Client\commagent.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\imapi.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Webroot\Client\spysweeper.exe
.
**************************************************************************
.
Completion time: 2010-04-09 13:05:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-09 17:05

Pre-Run: 17,798,725,632 bytes free
Post-Run: 17,985,777,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 38CA213BD990FCC0B7E9F1DCCAF024A2


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 April 2010 - 08:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 April 2010 - 06:29 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



