Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Removal / External Hard Drive Installation


  • This topic is locked This topic is locked
20 replies to this topic

#1 skifrench

skifrench

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 11 April 2010 - 03:33 PM

Hello,

I recently tried to install an HP Simple Save External Hard Drive on my computer running Windows XP. I received the following error message:

"The application or DLL C:\Documents and Settings XXXXX \HP SimpleSave Application\magFileIO.dll is not a valid Windows image. Please check this against your installation diskette."


I looked up the problem on this website and followed the instructions:

http://forum.soft32.com/windows/DLL-valid-...pict379296.html


I have run McAfee, AdAware, Spybot S&D, and hijackthis. I am still receiving the error message above when I try and run the external hard drive. Below is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:00 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {041A6EE7-E31F-476A-928E-E185BE7B3187} - (no file)
O2 - BHO: (no name) - {12B9544F-D391-4BBB-AE4D-1FC5AE1D3B94} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1BF1A34F-8E6C-4636-A9C5-E17787F8CFF2} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {2BB2956C-F0B9-4841-A6E4-7FBEB2FBF9F2} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39440EED-0BCA-45B3-A102-9B89A553A4AD} - (no file)
O2 - BHO: (no name) - {41FDDDEE-6F4F-4DC6-B4E6-BE5C61A3FD52} - (no file)
O2 - BHO: (no name) - {49CFA8E0-4EBD-4B25-BDA5-BA7BB5654F92} - (no file)
O2 - BHO: (no name) - {4BBED14C-64FA-45AC-9BE5-77D611C1E1C9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AA8C8F79-31A9-4B7C-919F-19C3D9C462F6} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {B5162DA0-65AD-40D6-99CD-DA74A856FF2A} - (no file)
O2 - BHO: (no name) - {BFE3D5A9-2635-4823-BA18-DDDD198F014F} - (no file)
O2 - BHO: (no name) - {C2658E07-543A-4FAA-BA1A-494079C7DC50} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {D60EC452-6BF5-46DA-A4D5-E03B2324A667} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DF639849-1EF1-4C6A-BA0B-F2426C464E29} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [vdrdpup] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\vdrdpup.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Artisan 800(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\WINDOWS\TEMP\E_S196.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: klgmbq.dll hkfbuz.dll ptkqna.dll gbazgm.dll svbhdk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 18507 bytes


Please let me know what actions I should take. Thanks in advance!

Matt


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:26 PM

Posted 14 April 2010 - 03:00 PM

Hi Matt,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • --

    Download GMER here by clicking download exe -button and then saving it your desktop:
    • Double-click .exe that you downloaded
    • Click rootkit-tab, unselect "files" and then click scan.
    • Don't check
      Show All
      box while scanning in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #3 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 17 April 2010 - 01:40 PM

    Hi

    The text from the DDS.txt file is below and the Attach.txt file is zipped and attached. When I ran GMER my computer froze twice and once the program froze. When the computer froze a blue screen error came up and I have included the text below.

    Thanks,
    Matt


    DDS.txt:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Matthew French at 12:05:43.57 on Fri 04/16/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.334 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Brownie\Brnipmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\Matthew French\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = www.cnn.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: {041A6EE7-E31F-476A-928E-E185BE7B3187} - No File
    BHO: {12B9544F-D391-4BBB-AE4D-1FC5AE1D3B94} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {1BF1A34F-8E6C-4636-A9C5-E17787F8CFF2} - No File
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {2BB2956C-F0B9-4841-A6E4-7FBEB2FBF9F2} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {39440EED-0BCA-45B3-A102-9B89A553A4AD} - No File
    BHO: {41FDDDEE-6F4F-4DC6-B4E6-BE5C61A3FD52} - No File
    BHO: {49CFA8E0-4EBD-4B25-BDA5-BA7BB5654F92} - No File
    BHO: {4BBED14C-64FA-45AC-9BE5-77D611C1E1C9} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: {AA8C8F79-31A9-4B7C-919F-19C3D9C462F6} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {B5162DA0-65AD-40D6-99CD-DA74A856FF2A} - No File
    BHO: {BFE3D5A9-2635-4823-BA18-DDDD198F014F} - No File
    BHO: {C2658E07-543A-4FAA-BA1A-494079C7DC50} - No File
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: {D60EC452-6BF5-46DA-A4D5-E03B2324A667} - No File
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {DF639849-1EF1-4C6A-BA0B-F2426C464E29} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [EPSON Artisan 800(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_S196.tmp" /EF "HKCU"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [vdrdpup] c:\windows\system32\rundll32 c:\windows\system32\vdrdpup.dll,RegisterVirtualChannel
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    StartupFolder: c:\docume~1\matthe~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: klgmbq.dll hkfbuz.dll ptkqna.dll gbazgm.dll svbhdk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\matthew french\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-1 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-10 28552]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-14 214664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-2 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-14 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-14 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-19 24652]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-14 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-14 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-14 35272]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-14 34248]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-14 40552]

    ============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile="%1" %*

    =============== Created Last 30 ================

    2010-04-11 19:55:25 0 d-----w- c:\program files\Trend Micro
    2010-04-11 16:41:51 0 d-----w- c:\program files\TrendMicro
    2010-04-10 19:09:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-10 19:08:44 0 d-----w- c:\program files\Panda Security
    2010-04-09 19:37:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-04-09 18:52:46 0 d-----w- c:\docume~1\matthe~1\applic~1\HP SimpleSave Application
    2010-03-19 19:26:11 410 ----a-w- c:\windows\BRWMARK.INI
    2010-03-19 19:26:11 34 ----a-w- c:\windows\system32\BD2170W.DAT
    2010-03-19 19:26:00 146 ----a-w- c:\windows\BRVIDEO.INI
    2010-03-19 19:26:00 0 ----a-w- c:\windows\brmx2001.ini
    2010-03-19 19:25:54 77824 ------w- c:\windows\system32\brlmw03a.dll
    2010-03-19 19:25:54 114 ------w- c:\windows\system32\brlmw03a.ini
    2010-03-19 19:25:51 9868 ----a-w- c:\windows\HL-2170W.INI
    2010-03-19 19:25:51 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
    2010-03-19 19:25:51 0 d-----w- c:\program files\Brownie
    2010-03-19 19:25:22 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
    2010-03-19 19:25:21 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
    2010-03-19 19:25:20 0 d-----w- c:\program files\Brother
    2010-03-19 19:25:17 196608 ------w- c:\windows\system32\Pdrvinst.dll
    2010-03-19 19:22:18 329 ----a-w- c:\windows\Brownie.ini
    2010-03-19 16:48:44 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

    ==================== Find3M ====================

    2010-03-19 16:55:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-02-27 00:02:25 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2006-07-30 21:41:36 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52:04 88 --sh--r- c:\windows\system32\C630146413.sys
    2009-11-19 00:52:08 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-09-15 15:14:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 12:08:31.78 ===============




    Blue Screen Error:

    A problem has been detected and windows has been shut down to prevent damage to your computer.

    The problem seems to be caused by the following file:pxtdypow.sys

    PAGE_FAULT_IN_NONPAGED_AREA

    If this is the first time you’ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

    Check to make sure any new hardware or software is properly installed. If this is a new installatiopn, ask your hardware or software manufacturer for any windows updates you might need.
    If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

    Technical information:
    ***STOP: 0x00000050 (oxE564c000, 0x00000000, 0xB9EA3C3E, 0x00000001)
    ***pxtdypow.sys – Address B9EA3C3E base at B9EA3000, DateStamp 4b274f8d
    Beginning dump of physical memory
    Physical memory dump complete.
    Contact your system administrator or technical support group for further assistance.

    Attached Files



    #4 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 18 April 2010 - 05:31 AM

    Hi,

    QUOTE
    When I ran GMER my computer froze twice and once the program froze. When the computer froze a blue screen error came up and I have included the text below.

    Did you uncheck "files" option before hitting scan? If you did then run a new scan after making sure only "sections" option is selected.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #5 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 24 April 2010 - 04:50 AM

    Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #6 Grinler

    Grinler

      Lawrence Abrams


    • Admin
    • 43,718 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:04:26 AM

    Posted 27 April 2010 - 07:48 AM

    Reopened at the request of the op.

    #7 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 02 May 2010 - 09:33 AM

    I ran GMER again with only "sections" options and it froze again. Should I start the computer in safe mode and run? How long should the scan take?

    Thanks,
    Matt

    #8 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 02 May 2010 - 09:41 AM

    Yes, you could try to run in safe mode. Remember to have only sections enabled. That will short the scan time. Post also fresh dds logs since the previous ones are pretty old now.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #9 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 02 May 2010 - 03:25 PM

    Hi Attached are the new DDS and Attach files, and the GMER file. I had to take a screen shot of the GMER file because I couldn't scroll down to get to the "copy" button since I ran GMER in safe mode.

    Thanks,
    Matt

    DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Matthew French at 16:11:29.07 on Sun 05/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.140 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Brownie\Brnipmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Matthew French\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = www.cnn.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: {041A6EE7-E31F-476A-928E-E185BE7B3187} - No File
    BHO: {12B9544F-D391-4BBB-AE4D-1FC5AE1D3B94} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {1BF1A34F-8E6C-4636-A9C5-E17787F8CFF2} - No File
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {2BB2956C-F0B9-4841-A6E4-7FBEB2FBF9F2} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {39440EED-0BCA-45B3-A102-9B89A553A4AD} - No File
    BHO: {41FDDDEE-6F4F-4DC6-B4E6-BE5C61A3FD52} - No File
    BHO: {49CFA8E0-4EBD-4B25-BDA5-BA7BB5654F92} - No File
    BHO: {4BBED14C-64FA-45AC-9BE5-77D611C1E1C9} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: {AA8C8F79-31A9-4B7C-919F-19C3D9C462F6} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {B5162DA0-65AD-40D6-99CD-DA74A856FF2A} - No File
    BHO: {BFE3D5A9-2635-4823-BA18-DDDD198F014F} - No File
    BHO: {C2658E07-543A-4FAA-BA1A-494079C7DC50} - No File
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: {D60EC452-6BF5-46DA-A4D5-E03B2324A667} - No File
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {DF639849-1EF1-4C6A-BA0B-F2426C464E29} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [EPSON Artisan 800(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_S196.tmp" /EF "HKCU"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [vdrdpup] c:\windows\system32\rundll32 c:\windows\system32\vdrdpup.dll,RegisterVirtualChannel
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\matthe~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: klgmbq.dll hkfbuz.dll ptkqna.dll gbazgm.dll svbhdk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\matthew french\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-1 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-10 28552]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-14 214664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-2 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-14 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-14 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-19 24652]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-14 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-14 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-14 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-14 40552]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-14 606736]

    ============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile="%1" %*

    =============== Created Last 30 ================

    2010-04-22 17:27:02 0 d-----r- c:\docume~1\matthe~1\applic~1\Brother
    2010-04-22 04:02:16 0 d-----w- c:\program files\iPod
    2010-04-22 04:02:05 0 d-----w- c:\program files\iTunes
    2010-04-22 04:02:05 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:54:08 0 d-----w- c:\program files\Bonjour
    2010-04-11 19:55:25 0 d-----w- c:\program files\Trend Micro
    2010-04-11 16:41:51 0 d-----w- c:\program files\TrendMicro
    2010-04-10 19:09:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-10 19:08:44 0 d-----w- c:\program files\Panda Security
    2010-04-09 19:37:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-04-09 18:52:46 0 d-----w- c:\docume~1\matthe~1\applic~1\HP SimpleSave Application

    ==================== Find3M ====================

    2010-03-19 16:55:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-02-27 00:02:25 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2006-07-30 21:41:36 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52:04 88 --sh--r- c:\windows\system32\C630146413.sys
    2009-11-19 00:52:08 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-09-15 15:14:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 16:12:50.26 ===============



    Attached Files



    #10 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 03 May 2010 - 12:51 AM

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #11 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 08 May 2010 - 03:17 PM

    Hi,

    Below are the ComboFix and DDS info.

    Thanks,



    ComboFix::

    ComboFix 10-05-07.07 - Matthew French 05/08/2010 13:31:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.461 [GMT -4:00]
    Running from: c:\documents and settings\Matthew French\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\MATTHE~1\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
    c:\documents and settings\Matthew French\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp
    c:\temp\fse
    c:\windows\search_res.txt
    c:\windows\system32\anqguvmw.ini
    c:\windows\system32\Data
    c:\windows\system32\dxbqhtoi.ini
    c:\windows\system32\fdjjbqdw.ini
    c:\windows\system32\gefrvmpa.ini
    c:\windows\system32\hnduefkf.ini
    c:\windows\system32\nqtcrkgb.ini
    c:\windows\system32\puvcvvtt.ini
    c:\windows\system32\yhhalibj.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
    .

    2010-04-29 23:54 . 2010-04-29 23:54 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2010-04-22 17:27 . 2010-04-22 17:27 -------- d-----r- c:\documents and settings\Matthew French\Application Data\Brother
    2010-04-22 04:02 . 2010-04-22 04:02 -------- d-----w- c:\program files\iPod
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\program files\iTunes
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:58 . 2010-04-22 03:58 -------- d-----w- c:\program files\QuickTime
    2010-04-22 03:54 . 2010-04-22 03:54 -------- d-----w- c:\program files\Bonjour
    2010-04-22 03:46 . 2010-04-22 03:46 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-11 19:55 . 2010-04-11 19:55 -------- d-----w- c:\program files\Trend Micro
    2010-04-11 16:41 . 2010-04-11 16:41 388096 ----a-r- c:\documents and settings\Matthew French\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-11 16:41 . 2010-04-11 16:41 -------- d-----w- c:\program files\TrendMicro
    2010-04-10 19:09 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-10 19:08 . 2010-04-10 19:08 -------- d-----w- c:\program files\Panda Security
    2010-04-09 19:37 . 2010-04-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-09 18:58 . 2007-08-02 15:58 888832 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\uEzDll.dll
    2010-04-09 18:53 . 2008-09-04 17:11 199168 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\MagicDll\MagUICommon.dll
    2010-04-09 18:52 . 2006-11-08 21:58 449280 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\fpxlib.dll
    2010-04-09 18:52 . 2008-08-12 00:56 53248 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\ExportTMInfo.dll
    2010-04-09 18:52 . 2008-02-18 23:07 45056 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\CommandLineParser.dll
    2010-04-09 18:52 . 2010-04-09 18:59 -------- d-----w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application
    2010-04-09 18:52 . 2009-03-11 00:04 24576 ----a-w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application\AddPlugin.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-07 16:25 . 2008-06-20 19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-02 20:20 . 2006-10-08 23:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-04-29 23:56 . 2010-03-19 16:55 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-04-29 23:56 . 2009-12-02 00:20 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-04-29 23:56 . 2009-12-02 00:20 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-04-29 23:56 . 2009-12-02 00:20 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-04-29 23:56 . 2009-12-02 00:20 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-04-29 23:56 . 2009-12-02 00:20 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-04-29 23:56 . 2009-12-02 00:20 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2010-04-29 23:56 . 2009-12-02 00:20 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-04-29 23:56 . 2009-12-02 00:20 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2010-04-29 23:55 . 2009-12-02 00:19 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-04-29 23:55 . 2009-12-02 00:19 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-04-29 23:55 . 2009-12-02 00:19 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-04-29 23:55 . 2010-03-19 16:54 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-04-29 23:55 . 2009-12-02 00:19 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-29 23:55 . 2009-12-02 00:19 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-29 23:54 . 2009-12-02 00:19 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-29 23:54 . 2009-12-02 00:19 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-29 23:54 . 2009-12-02 00:19 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-29 23:54 . 2009-12-02 00:18 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-22 04:02 . 2007-06-30 20:15 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-09 20:23 . 2006-06-15 16:57 -------- d-----w- c:\program files\Common Files\AOL
    2010-04-09 20:23 . 2006-06-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-04 22:52 . 2008-12-12 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-04-02 00:04 . 2006-06-15 17:08 -------- d-----w- c:\program files\McAfee
    2010-03-30 23:21 . 2010-03-30 23:21 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
    2010-03-30 23:21 . 2010-03-30 23:21 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
    2010-03-29 21:36 . 2009-11-23 04:12 79488 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-24 22:44 . 2006-06-15 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-19 19:26 . 2010-03-19 19:26 34 ----a-w- c:\windows\system32\BD2170W.DAT
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brownie
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brother
    2010-03-19 16:55 . 2010-03-19 16:55 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-03-19 16:55 . 2009-12-01 03:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55 . 2009-12-02 00:20 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-03-19 16:55 . 2009-12-02 02:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-19 16:55 . 2009-12-02 00:20 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2010-03-19 16:54 . 2009-12-02 00:20 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
    2010-03-19 16:49 . 2008-01-18 13:39 -------- d-----w- c:\program files\Lavasoft
    2010-03-19 16:48 . 2010-03-19 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-03-10 06:15 . 2005-08-16 09:18 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-07 15:46 . 2010-03-07 15:46 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-07 15:46 . 2010-03-07 15:46 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-03-01 12:21 . 2009-12-02 00:19 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-27 00:02 . 2008-08-15 21:20 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 06:24 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2005-08-16 09:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 03:50 . 2006-07-04 22:05 35712 ----a-w- c:\documents and settings\Matthew French\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33 . 2005-08-16 09:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2005-08-16 09:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-07-30 21:41 . 2006-07-30 21:41 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52 . 2006-10-08 23:39 88 --sh--r- c:\windows\system32\C630146413.sys
    2008-07-18 17:24 . 2008-07-18 17:24 647168 --sha-w- c:\windows\system32\dxbqhtoi.tmp
    2008-07-31 11:42 . 2008-07-31 11:42 1382927 --sha-w- c:\windows\system32\ntapgswu.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "vdrdpup"="c:\windows\system32\vdrdpup.dll" [2005-02-17 94208]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 148888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

    c:\documents and settings\Matthew French\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2007-3-7 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-15 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-04-20 17:10 50792 ----a-w- c:\program files\Common Files\AOL\1151373286\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-05-22 17:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "antivirus-2008pro.exe"=c:\program files\Antivirus 2008 PRO\antivirus-2008pro.exe
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "10eb548d"=rundll32.exe "c:\windows\system32\uwsgpatn.dll",b
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Antivirus"=c:\program files\VAV\vav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/1/2009 8:20 PM 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/10/2010 3:09 PM 28552]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 12:45 AM 93320]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2007 1:48 PM 24652]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:54]

    2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.cnn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Matthew French\Application Data\Mozilla\Firefox\Profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Matthew French\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{041A6EE7-E31F-476A-928E-E185BE7B3187} - (no file)
    BHO-{12B9544F-D391-4BBB-AE4D-1FC5AE1D3B94} - (no file)
    BHO-{1BF1A34F-8E6C-4636-A9C5-E17787F8CFF2} - (no file)
    BHO-{2BB2956C-F0B9-4841-A6E4-7FBEB2FBF9F2} - (no file)
    BHO-{39440EED-0BCA-45B3-A102-9B89A553A4AD} - (no file)
    BHO-{41FDDDEE-6F4F-4DC6-B4E6-BE5C61A3FD52} - (no file)
    BHO-{49CFA8E0-4EBD-4B25-BDA5-BA7BB5654F92} - (no file)
    BHO-{4BBED14C-64FA-45AC-9BE5-77D611C1E1C9} - (no file)
    BHO-{AA8C8F79-31A9-4B7C-919F-19C3D9C462F6} - (no file)
    BHO-{B5162DA0-65AD-40D6-99CD-DA74A856FF2A} - (no file)
    BHO-{BFE3D5A9-2635-4823-BA18-DDDD198F014F} - (no file)
    BHO-{C2658E07-543A-4FAA-BA1A-494079C7DC50} - (no file)
    BHO-{D60EC452-6BF5-46DA-A4D5-E03B2324A667} - (no file)
    BHO-{DF639849-1EF1-4C6A-BA0B-F2426C464E29} - (no file)
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-08 13:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1016)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-05-08 13:42:02
    ComboFix-quarantined-files.txt 2010-05-08 17:41

    Pre-Run: 4,319,600,640 bytes free
    Post-Run: 4,857,061,376 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 31E7028FD825F8B79AED435FED121DD6








    DDS.txt:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Matthew French at 16:12:02.28 on Sat 05/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.342 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Matthew French\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = www.cnn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [vdrdpup] c:\windows\system32\rundll32 c:\windows\system32\vdrdpup.dll,RegisterVirtualChannel
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\matthe~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\matthew french\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-1 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-10 28552]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-14 214664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-2 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-14 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-14 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-19 24652]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-14 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-14 35272]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-14 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-14 40552]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-14 606736]

    =============== Created Last 30 ================

    2010-05-08 17:26:00 0 d-sha-r- C:\cmdcons
    2010-05-08 17:20:11 98816 ----a-w- c:\windows\sed.exe
    2010-05-08 17:20:11 77312 ----a-w- c:\windows\MBR.exe
    2010-05-08 17:20:11 256512 ----a-w- c:\windows\PEV.exe
    2010-05-08 17:20:11 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-22 17:27:02 0 d-----r- c:\docume~1\matthe~1\applic~1\Brother
    2010-04-22 04:02:16 0 d-----w- c:\program files\iPod
    2010-04-22 04:02:05 0 d-----w- c:\program files\iTunes
    2010-04-22 04:02:05 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:54:08 0 d-----w- c:\program files\Bonjour
    2010-04-11 19:55:25 0 d-----w- c:\program files\Trend Micro
    2010-04-11 16:41:51 0 d-----w- c:\program files\TrendMicro
    2010-04-10 19:09:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-10 19:08:44 0 d-----w- c:\program files\Panda Security
    2010-04-09 19:37:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-04-09 18:52:46 0 d-----w- c:\docume~1\matthe~1\applic~1\HP SimpleSave Application

    ==================== Find3M ====================

    2010-05-02 20:20:57 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-03-19 16:55:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-02-27 00:02:25 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2006-07-30 21:41:36 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52:04 88 --sh--r- c:\windows\system32\C630146413.sys
    2008-09-15 15:14:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 16:12:54.23 ===============

    Attached Files



    #12 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 08 May 2010 - 03:48 PM

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    CODE
    Folder::
    c:\program files\Antivirus 2008 PRO
    c:\program files\VAV
    File::
    c:\windows\system32\uwsgpatn.dll
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "antivirus-2008pro.exe"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "10eb548d"=-
    "Antivirus"=-



    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.


    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #13 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 11 May 2010 - 05:57 PM

    Hello,

    Attached are the Kapersky's report, DDS logs, and ComboFix log.

    Thanks,
    Matt



    Kaspersky:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, May 11, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, May 11, 2010 09:04:01
    Records in database: 4093911
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 122745
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 04:55:46


    File name / Threat / Threats count
    C:\Documents and Settings\Matthew French\Application Data\Sun\Java\Deployment\cache\6.0\2\3dcad182-5b343ca0 Infected: Trojan-Downloader.Java.Agent.ac 1

    Selected area has been scanned.





    DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Matthew French at 18:29:14.87 on Tue 05/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.563 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brownie\Brnipmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Documents and Settings\Matthew French\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = www.cnn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [vdrdpup] c:\windows\system32\rundll32 c:\windows\system32\vdrdpup.dll,RegisterVirtualChannel
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\matthe~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\matthew french\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-1 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-10 28552]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-14 214664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-2 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-14 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-14 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-19 24652]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-14 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-14 35272]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-14 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-14 40552]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-14 606736]

    =============== Created Last 30 ================

    2010-05-11 01:11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-11 01:11:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-08 17:26:00 0 d-sha-r- C:\cmdcons
    2010-05-08 17:20:11 98816 ----a-w- c:\windows\sed.exe
    2010-05-08 17:20:11 77312 ----a-w- c:\windows\MBR.exe
    2010-05-08 17:20:11 256512 ----a-w- c:\windows\PEV.exe
    2010-05-08 17:20:11 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-22 17:27:02 0 d-----r- c:\docume~1\matthe~1\applic~1\Brother
    2010-04-22 04:02:16 0 d-----w- c:\program files\iPod
    2010-04-22 04:02:05 0 d-----w- c:\program files\iTunes
    2010-04-22 04:02:05 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:54:08 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-05-02 20:20:57 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-03-19 16:55:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-02-27 00:02:25 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2006-07-30 21:41:36 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52:04 88 --sh--r- c:\windows\system32\C630146413.sys
    2008-09-15 15:14:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 18:30:28.76 ===============










    ComboFix:
    ComboFix 10-05-10.02 - Matthew French 05/10/2010 19:06:54.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -4:00]
    Running from: c:\documents and settings\Matthew French\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Matthew French\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\uwsgpatn.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\MATTHE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Matthew French\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
    .

    2010-04-22 17:27 . 2010-04-22 17:27 -------- d-----r- c:\documents and settings\Matthew French\Application Data\Brother
    2010-04-22 04:02 . 2010-04-22 04:02 -------- d-----w- c:\program files\iPod
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\program files\iTunes
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:58 . 2010-04-22 03:58 -------- d-----w- c:\program files\QuickTime
    2010-04-22 03:54 . 2010-04-22 03:54 -------- d-----w- c:\program files\Bonjour
    2010-04-22 03:46 . 2010-04-22 03:46 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-11 19:55 . 2010-04-11 19:55 -------- d-----w- c:\program files\Trend Micro
    2010-04-11 16:41 . 2010-04-11 16:41 388096 ----a-r- c:\documents and settings\Matthew French\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-11 16:41 . 2010-04-11 16:41 -------- d-----w- c:\program files\TrendMicro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-07 16:25 . 2008-06-20 19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-02 20:20 . 2006-10-08 23:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-04-22 04:02 . 2007-06-30 20:15 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-10 19:08 . 2010-04-10 19:08 -------- d-----w- c:\program files\Panda Security
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-09 20:23 . 2006-06-15 16:57 -------- d-----w- c:\program files\Common Files\AOL
    2010-04-09 20:23 . 2006-06-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-09 19:37 . 2010-04-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-09 18:59 . 2010-04-09 18:52 -------- d-----w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application
    2010-04-04 22:52 . 2008-12-12 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-04-02 00:04 . 2006-06-15 17:08 -------- d-----w- c:\program files\McAfee
    2010-03-29 21:36 . 2009-11-23 04:12 79488 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-24 22:44 . 2006-06-15 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-19 19:26 . 2010-03-19 19:26 34 ----a-w- c:\windows\system32\BD2170W.DAT
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brownie
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brother
    2010-03-19 16:55 . 2009-12-01 03:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55 . 2009-12-02 02:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-19 16:49 . 2008-01-18 13:39 -------- d-----w- c:\program files\Lavasoft
    2010-03-19 16:48 . 2010-03-19 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-03-10 06:15 . 2005-08-16 09:18 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-07 15:46 . 2010-03-07 15:46 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-07 15:46 . 2010-03-07 15:46 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-02-27 00:02 . 2008-08-15 21:20 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 06:24 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2005-08-16 09:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 03:50 . 2006-07-04 22:05 35712 ----a-w- c:\documents and settings\Matthew French\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33 . 2005-08-16 09:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2005-08-16 09:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-07-30 21:41 . 2006-07-30 21:41 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52 . 2006-10-08 23:39 88 --sh--r- c:\windows\system32\C630146413.sys
    2008-07-18 17:24 . 2008-07-18 17:24 647168 --sha-w- c:\windows\system32\dxbqhtoi.tmp
    2008-07-31 11:42 . 2008-07-31 11:42 1382927 --sha-w- c:\windows\system32\ntapgswu.tmp
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-08_17.38.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-10 18:19 . 2010-05-10 18:19 16384 c:\windows\Temp\Perflib_Perfdata_460.dat
    + 2006-06-27 01:05 . 2010-05-10 23:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-06-27 01:05 . 2010-05-08 16:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-07-06 00:52 . 2010-05-10 23:04 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-07-06 00:52 . 2010-05-08 16:33 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2010-05-08 21:25 . 2010-05-10 23:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-06-27 01:05 . 2010-05-08 16:33 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\974c038.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "vdrdpup"="c:\windows\system32\vdrdpup.dll" [2005-02-17 94208]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 148888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

    c:\documents and settings\Matthew French\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2007-3-7 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-15 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-04-20 17:10 50792 ----a-w- c:\program files\Common Files\AOL\1151373286\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-05-22 17:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/1/2009 8:20 PM 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/10/2010 3:09 PM 28552]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 12:45 AM 93320]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2007 1:48 PM 24652]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:54]

    2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.cnn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Matthew French\Application Data\Mozilla\Firefox\Profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Matthew French\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-10 19:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1016)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-05-10 19:21:50
    ComboFix-quarantined-files.txt 2010-05-10 23:21
    ComboFix2.txt 2010-05-08 17:42

    Pre-Run: 4,649,066,496 bytes free
    Post-Run: 4,760,231,936 bytes free

    - - End Of File - - 0A5EB3470A4B08D2FA7AF13C5184E590

    Attached Files



    #14 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:12:26 PM

    Posted 12 May 2010 - 09:16 AM

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    CODE
    File::
    c:\windows\system32\dxbqhtoi.tmp
    c:\windows\system32\ntapgswu.tmp
    C:\Documents and Settings\Matthew French\Application Data\Sun\Java\Deployment\cache\6.0\2\3dcad182-5b343ca0



    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log. How's the system running?

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #15 skifrench

    skifrench
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:05:26 AM

    Posted 15 May 2010 - 03:43 PM

    Hi,

    The system is running pretty well actually. I haven't tried to use the external hard drive again though. That's what started this entire process.

    Thanks,
    Matt


    Log File:


    ComboFix 10-05-15.01 - Matthew French 05/15/2010 15:52:25.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.440 [GMT -4:00]
    Running from: c:\documents and settings\Matthew French\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Matthew French\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\cache\6.0\2\3dcad182-5b343ca0"
    "c:\windows\system32\dxbqhtoi.tmp"
    "c:\windows\system32\ntapgswu.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\MATTHE~1\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp
    c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\cache\6.0\2\3dcad182-5b343ca0
    c:\documents and settings\Matthew French\Local Settings\temp\clclean.0001.dir.0002\~df394b.tmp
    c:\windows\system32\dxbqhtoi.tmp
    c:\windows\system32\ntapgswu.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
    .

    2010-05-11 01:11 . 2010-05-11 01:11 -------- d-----w- c:\program files\Common Files\Java
    2010-05-11 01:11 . 2010-05-11 01:11 503808 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7520302e-n\msvcp71.dll
    2010-05-11 01:11 . 2010-05-11 01:11 499712 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7520302e-n\jmc.dll
    2010-05-11 01:11 . 2010-05-11 01:11 348160 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7520302e-n\msvcr71.dll
    2010-05-11 01:11 . 2010-05-11 01:11 61440 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d2ab67c-n\decora-sse.dll
    2010-05-11 01:11 . 2010-05-11 01:11 12800 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d2ab67c-n\decora-d3d.dll
    2010-05-11 01:11 . 2010-05-11 01:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-10 23:46 . 2010-05-10 23:46 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-04-22 17:27 . 2010-04-22 17:27 -------- d-----r- c:\documents and settings\Matthew French\Application Data\Brother
    2010-04-22 04:02 . 2010-04-22 04:02 -------- d-----w- c:\program files\iPod
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\program files\iTunes
    2010-04-22 04:02 . 2010-04-22 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-22 03:58 . 2010-04-22 03:58 -------- d-----w- c:\program files\QuickTime
    2010-04-22 03:54 . 2010-04-22 03:54 -------- d-----w- c:\program files\Bonjour
    2010-04-22 03:46 . 2010-04-22 03:46 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-11 11:27 . 2007-03-26 23:42 -------- d-----w- c:\documents and settings\Matthew French\Application Data\Apple Computer
    2010-05-11 00:57 . 2009-04-17 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-05-11 00:45 . 2006-06-15 16:38 -------- d-----w- c:\program files\Java
    2010-05-10 23:51 . 2006-07-08 15:54 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-10 23:48 . 2009-04-17 22:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-05-07 16:25 . 2008-06-20 19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-02 20:20 . 2006-10-08 23:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-04-22 04:02 . 2007-06-30 20:15 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-11 19:55 . 2010-04-11 19:55 -------- d-----w- c:\program files\Trend Micro
    2010-04-11 16:41 . 2010-04-11 16:41 388096 ----a-r- c:\documents and settings\Matthew French\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-11 16:41 . 2010-04-11 16:41 -------- d-----w- c:\program files\TrendMicro
    2010-04-10 19:08 . 2010-04-10 19:08 -------- d-----w- c:\program files\Panda Security
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-09 23:00 . 2008-07-29 14:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-09 20:23 . 2006-06-15 16:57 -------- d-----w- c:\program files\Common Files\AOL
    2010-04-09 20:23 . 2006-06-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-09 19:37 . 2010-04-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-09 18:59 . 2010-04-09 18:52 -------- d-----w- c:\documents and settings\Matthew French\Application Data\HP SimpleSave Application
    2010-04-04 22:52 . 2008-12-12 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-04-02 00:04 . 2006-06-15 17:08 -------- d-----w- c:\program files\McAfee
    2010-03-29 21:36 . 2009-11-23 04:12 79488 ----a-w- c:\documents and settings\Matthew French\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-24 22:44 . 2006-06-15 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-19 19:26 . 2010-03-19 19:26 34 ----a-w- c:\windows\system32\BD2170W.DAT
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brownie
    2010-03-19 19:25 . 2010-03-19 19:25 -------- d-----w- c:\program files\Brother
    2010-03-19 16:55 . 2009-12-01 03:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-19 16:55 . 2009-12-02 02:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-03-19 16:49 . 2008-01-18 13:39 -------- d-----w- c:\program files\Lavasoft
    2010-03-19 16:48 . 2010-03-19 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-03-10 06:15 . 2005-08-16 09:18 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-07 15:47 . 2010-03-07 15:47 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-07 15:46 . 2010-03-07 15:46 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-07 15:46 . 2010-03-07 15:46 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-07 15:46 . 2010-03-07 15:46 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-02-27 00:02 . 2008-08-15 21:20 32988 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 06:24 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2005-08-16 09:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 03:50 . 2006-07-04 22:05 35712 ----a-w- c:\documents and settings\Matthew French\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2006-07-30 21:41 . 2006-07-30 21:41 4348704 -c--a-w- c:\program files\ica32t.exe
    2009-11-19 00:52 . 2006-10-08 23:39 88 --sh--r- c:\windows\system32\C630146413.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-08_17.38.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-14 15:41 . 2010-05-14 15:41 16384 c:\windows\Temp\Perflib_Perfdata_590.dat
    - 2006-06-27 01:05 . 2010-05-08 16:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-06-27 01:05 . 2010-05-15 18:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-07-06 00:52 . 2010-05-08 16:33 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-07-06 00:52 . 2010-05-15 18:38 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2010-05-11 03:51 . 2010-05-15 18:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-06-27 01:05 . 2010-05-08 16:33 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-05-10 23:48 . 2010-05-10 23:48 27648 c:\windows\Installer\12dee74.msi
    - 2006-06-15 16:54 . 2010-04-15 12:24 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-12-22 00:09 . 2009-12-22 00:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
    + 2009-12-22 05:57 . 2009-12-22 05:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
    + 2009-12-22 00:02 . 2009-12-22 00:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
    + 2009-12-22 03:21 . 2009-12-22 03:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
    + 2009-12-22 03:37 . 2009-12-22 03:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
    + 2009-12-21 22:39 . 2009-12-21 22:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
    + 2009-12-21 22:27 . 2009-12-21 22:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
    + 2009-12-21 22:27 . 2009-12-21 22:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
    - 2006-06-15 16:54 . 2010-04-15 12:24 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2010-05-11 01:11 . 2010-05-11 01:11 153376 c:\windows\system32\javaws.exe
    + 2010-05-11 01:11 . 2010-05-11 01:11 145184 c:\windows\system32\javaw.exe
    + 2010-05-11 01:11 . 2010-05-11 01:11 145184 c:\windows\system32\java.exe
    + 2005-08-16 09:40 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
    - 2005-08-16 09:40 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
    - 2008-09-14 19:00 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2008-09-14 19:00 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-05-11 01:11 . 2010-05-11 01:11 180224 c:\windows\Installer\12b24a.msi
    + 2010-05-11 01:11 . 2010-05-11 01:11 577536 c:\windows\Installer\12b244.msi
    + 2006-06-15 16:54 . 2010-05-12 13:16 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-06-15 16:54 . 2010-05-12 13:16 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-06-15 16:54 . 2010-04-15 12:24 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-12-21 22:35 . 2009-12-21 22:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
    + 2009-12-22 00:05 . 2009-12-22 00:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
    + 2009-12-21 22:34 . 2009-12-21 22:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
    + 2009-11-09 23:18 . 2009-11-09 23:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
    + 2009-12-22 00:02 . 2009-12-22 00:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
    + 2009-12-21 22:43 . 2009-12-21 22:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
    + 2009-12-22 05:57 . 2009-12-22 05:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
    + 2009-12-21 22:15 . 2009-12-21 22:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
    + 2009-12-21 23:32 . 2009-12-21 23:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
    + 2009-12-21 23:15 . 2009-12-21 23:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
    + 2009-08-11 21:36 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
    - 2009-08-11 21:36 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2009-10-16 22:07 . 2009-10-16 22:07 6115328 c:\windows\Installer\78cf040.msp
    + 2010-04-21 21:46 . 2010-04-21 21:46 5522432 c:\windows\Installer\78cf02e.msp
    + 2010-05-10 23:51 . 2010-05-10 23:51 3940352 c:\windows\Installer\12dee7a.msi
    + 2007-05-09 20:19 . 2007-05-09 20:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
    + 2009-12-21 22:29 . 2009-12-21 22:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
    + 2009-10-28 00:34 . 2009-10-28 00:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
    + 2009-12-22 03:31 . 2009-12-22 03:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
    + 2006-06-28 10:24 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
    + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\974c038.msp
    + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\78cf017.msp
    + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\3000140.msp
    + 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\10e47bd.msp
    + 2009-12-22 03:21 . 2009-12-22 03:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "vdrdpup"="c:\windows\system32\vdrdpup.dll" [2005-02-17 94208]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\Matthew French\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2007-3-7 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-15 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-04-20 17:10 50792 ----a-w- c:\program files\Common Files\AOL\1151373286\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-05-22 17:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1151373286\\ee\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/1/2009 8:20 PM 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/10/2010 3:09 PM 28552]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 12:45 AM 93320]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2007 1:48 PM 24652]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:54]

    2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-05-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-14 16:22]

    2010-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-05-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3612846891-3284125442-3501734459-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.cnn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Matthew French\Application Data\Mozilla\Firefox\Profiles\p4qvnsdm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://outdoors.startlike.com/?user=5c4be87dd06db4b3da224c7582ce1bbd
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Matthew French\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-15 16:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\MATTHE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1024)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-05-15 16:07:15
    ComboFix-quarantined-files.txt 2010-05-15 20:06
    ComboFix2.txt 2010-05-10 23:21
    ComboFix3.txt 2010-05-08 17:42

    Pre-Run: 4,569,567,232 bytes free
    Post-Run: 4,885,954,560 bytes free

    - - End Of File - - CD0F6B68B2B46834ACFFAF524A4EBC69









    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users