Data Protection virus


  • This topic is locked
12 replies to this topic

#1 jgc1024

jgc1024

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 25 May 2010 - 08:36 AM

I have tried to run Anti-malware and my computer shuts down during the scan.


DDS (Ver_10-03-17.01) - NTFSx86
Run by JC at 10:34:58.53 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.118 [GMT -5:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\wsdkrlxp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\JC\My Documents\Downloads\Defogger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JC\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sunherald.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = 192.168.1.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: LNHelper.BarHelper: {05a34600-8920-479b-92a9-68facf7bb8fa} - mscoree.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CPub Object: {c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\defenderpro antispy\popupblocker\PopupBlocker.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{86be1cda-4f72-4c2f-9526-8e6a22df46ed}
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Defender Pro Anti-Scam: {102bad8b-cd05-46ff-94ff-a2c1abd5f7d5} - c:\program files\defender pro\defender pro anti-scam\mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [wsdkrlxp.exe] c:\docume~1\jc\locals~1\temp\wsdkrlxp.exe
uRun: [Data Protection] "c:\program files\data protection\datprot.exe" -noscan
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [BearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
mRun: [ServicesNotify] c:\program files\defender pro\defender pro anti-scam\ServicesNotify.exe
mRun: [DPAS] "c:\program files\defenderpro antispy\DPASNT.exe"
mRun: [DPASUpdate] "c:\program files\defenderpro antispy\DPASAutoUpdate.exe"
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printe~1.lnk - c:\program files\sharp\printer status monitor\Smon.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\doyles~1\client.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - {93F764AC-24D1-484F-92EA-3C84E31CDF72} - c:\program files\defenderpro antispy\popupblocker\PopupBlocker.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - hxxp://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jc\applic~1\mozilla\firefox\profiles\dw3f6ln7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sunherald.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-5-30 192896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-22 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-23 38224]

=============== Created Last 30 ================

2010-05-24 15:33:53 0 ----a-w- c:\documents and settings\jc\defogger_reenable
2010-05-24 03:06:48 0 d-----w- c:\docume~1\jc\applic~1\Malwarebytes
2010-05-24 03:06:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 03:06:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 03:06:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 03:06:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-21 16:42:07 0 d-----w- c:\program files\Data Protection
2010-05-18 16:18:36 1089601 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-05-14 05:09:55 230424 ----a-w- C:\img2-001.raw
2010-05-14 05:01:35 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-14 05:01:35 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-14 05:01:23 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-14 05:01:23 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-14 05:01:15 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-05-14 05:01:15 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-05-14 05:01:15 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-05-14 05:01:15 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-14 05:01:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-05-14 05:01:07 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-05-14 05:01:01 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-05-14 05:01:01 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-14 04:59:10 762736 ----a-w- c:\windows\vVX3000.exe
2010-05-14 04:59:10 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-05-14 04:59:10 503152 ----a-w- c:\windows\system32\LcProxy.ax
2010-05-14 04:59:10 227696 ----a-w- c:\windows\vVX3000.dll
2010-05-14 04:59:10 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-05-14 04:59:10 175472 ----a-w- c:\windows\system32\cVX3000.dll
2010-05-14 04:59:10 15498 ----a-w- c:\windows\VX3000.ini
2010-05-14 04:59:10 13023 ----a-w- c:\windows\VX3000.src
2010-05-14 04:59:10 101232 ----a-w- c:\windows\VX3000.dll
2010-05-14 04:58:32 0 d-----w- c:\program files\Microsoft LifeCam
2010-05-14 04:58:25 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-14 04:58:23 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-14 04:58:14 0 d-----w- c:\windows\Logs
2010-05-14 04:48:18 0 d-----w- c:\windows\system32\XPSViewer
2010-05-14 04:46:39 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-14 04:46:39 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-14 04:46:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-14 04:46:39 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-14 04:46:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-14 04:46:39 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-14 04:46:39 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-14 04:46:38 0 d-----w- C:\66926bcb86f3331b18dfcd4ab673be
2010-05-14 04:40:41 0 d-----w- c:\program files\MSXML 6.0
2010-05-14 04:20:45 0 d-----w- c:\program files\BellSouthWCC
2010-05-14 04:15:22 0 d-----w- c:\program files\ATT-HSI
2010-05-14 04:14:52 0 d-----w- c:\program files\common files\Motive
2010-05-14 03:35:52 0 dc-h--w- c:\windows\ie8
2010-05-13 04:43:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-13 04:40:18 0 d-----r- c:\program files\Skype
2010-05-13 04:33:16 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-13 04:33:16 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-13 04:23:20 172 ----a-w- c:\windows\system32\MRT.INI
2010-05-07 14:14:40 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 04:33:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-02 23:09:20 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-05-18 20:09:34 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-18 20:09:34 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-05-14 04:21:52 768 ----a-w- c:\program files\INSTALL.LOG
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-04 20:01:09 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 20:01:09 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-04 20:01:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-23 16:35:28 737280 ----a-w- c:\windows\iun6002.exe
2005-12-25 14:08:11 336915 --sh--w- c:\windows\system32\rqtss.bak1

============= FINISH: 10:36:55.62 ===============



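The first DDS log above carries the indicators a responder would pull out by hand: IE's HTTP proxy pointed at 127.0.0.1:5555 (so the rogue can intercept or block browser traffic), Task Manager disabled by both user and machine policy, autoruns started from %TEMP% and Local Settings\Application Data under random names (wsdkrlxp.exe, gukukplo / twjrsysguard.exe), a BHO whose module is a bare mscoree.dll, and an ActiveX (DPF) download from a host that is not a normal vendor. The script below is an added example, not part of DDS, Malwarebytes or any BleepingComputer tool: it scans the "Pseudo HJT Report" lines for those five patterns and returns one finding per hit. The DPF host allowlist and the user-writable folder fragments are assumptions chosen for this example, and the sample report is a subset of lines copied from the log above.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, Malwarebytes or any
BleepingComputer tool.  It tags report lines that carry the indicators seen
in the log above: a proxy on the local host, Task Manager disabled by
policy, autoruns launched from user-writable temp/app-data folders, BHO or
toolbar entries whose module is not a full path, and ActiveX (DPF) cabs
pulled from hosts outside a small allowlist.  The allowlist and the folder
fragments are assumptions made for this example, not a vendor signature set.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id
    line: str      # the offending report line, unchanged
    detail: str    # what to check next


# Assumed: hosts that legitimately serve ActiveX cabs on a 2010-era XP box.
DPF_ALLOWED_HOSTS = ("java.sun.com", "macromedia.com", "microsoft.com")

# Assumed: folder fragments an autorun should not normally start from.
USER_WRITABLE_FRAGMENTS = (
    "\\temp\\",
    "\\locals~1\\",                          # 8.3 form of 'Local Settings'
    "\\local settings\\application data\\",
)

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<val>\S+)", re.I)
POLICY_RE = re.compile(r"^[um]Policies-system:\s*DisableTaskMgr\s*=\s*1\b", re.I)
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$", re.I)
OBJ_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>.*?):\s*)?\{(?P<clsid>[^}]+)\}\s*-\s*(?P<module>.+)$", re.I
)
DPF_RE = re.compile(r"^DPF:\s*\{[^}]+\}\s*-\s*hxxps?://(?P<host>[^/\s]+)", re.I)


def run_path(rest: str) -> str:
    """Extract the executable path from the text after '[name]' in a Run line."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    # Unquoted form: arguments begin at the first token starting with - or /.
    m = re.search(r"\s[-/]", rest)
    return rest[: m.start()] if m else rest


def proxy_host_port(val: str) -> tuple[str, str]:
    """'http=127.0.0.1:5555' or '127.0.0.1:5555' -> ('127.0.0.1', '5555')."""
    first = val.split(";")[0]
    hostport = first.split("=", 1)[1] if "=" in first else first
    host, _, port = hostport.partition(":")
    return host.lower(), port


def host_allowed(host: str) -> bool:
    """Exact or dot-boundary suffix match so 'evilmicrosoft.com' is not allowed."""
    return any(host == h or host.endswith("." + h) for h in DPF_ALLOWED_HOSTS)


def triage(report: str) -> list[Finding]:
    """Return one Finding per report line that matches a heuristic."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := PROXY_RE.match(line)):
            host, port = proxy_host_port(m["val"])
            if host in ("127.0.0.1", "localhost"):
                findings.append(Finding("local_proxy", line,
                    f"browser HTTP traffic forced through a listener on {host}:{port or '?'}; "
                    "identify the process bound to that port"))
            continue
        if POLICY_RE.match(line):
            findings.append(Finding("taskmgr_disabled", line,
                "Task Manager blocked by policy; common rogue-AV persistence"))
            continue
        if (m := RUN_RE.match(line)):
            path = run_path(m["rest"]).lower()
            if any(frag in path for frag in USER_WRITABLE_FRAGMENTS):
                findings.append(Finding("autorun_user_writable", line,
                    f"autorun '{m['name']}' starts from a user-writable folder: {path}"))
            continue
        if (m := OBJ_RE.match(line)):
            module = m["module"].strip()
            if "\\" not in module and module.lower() != "no file":
                findings.append(Finding("unresolved_module", line,
                    f"{m['kind']} {m['clsid']} loads '{module}' without a path; "
                    "resolve the CLSID under HKCR\\CLSID to find the real DLL"))
            continue
        if (m := DPF_RE.match(line)):
            host = m["host"].lower()
            if not host_allowed(host):
                findings.append(Finding("dpf_unlisted_host", line,
                    f"ActiveX cab downloaded from non-allowlisted host {host}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule id."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample input: a subset of lines copied from the first DDS log in this thread.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.sunherald.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = 192.168.1.*;<local>
BHO: LNHelper.BarHelper: {05a34600-8920-479b-92a9-68facf7bb8fa} - mscoree.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
uRun: [wsdkrlxp.exe] c:\docume~1\jc\locals~1\temp\wsdkrlxp.exe
uRun: [Data Protection] "c:\program files\data protection\datprot.exe" -noscan
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - hxxp://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.rule}] {f.line}\n    -> {f.detail}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Two caveats worth keeping in mind when reading the output. First, the folder heuristic does not fire on the rogue's own entry (uRun: [Data Protection] under c:\program files\data protection), so path alone is a weak signal; it is the "AV: Data Protection ... (Outdated)" header and the datprot.exe process that tie that entry to the fake scanner. Second, the local proxy finding only tells you the port; on the affected XP machine, `netstat -ano | findstr :5555` shows which PID owns the listener, and that PID can be matched against the running-process list in the log.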
#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:20 AM

Posted 26 May 2010 - 03:29 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 jgc1024

jgc1024
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 29 May 2010 - 04:24 PM

I have downloaded and tried to run Malwarebytes' but my computer keeps shutting down during the scan.


DDS (Ver_10-03-17.01) - NTFSx86
Run by JC at 9:48:57.23 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.68 [GMT -5:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\wsdkrlxp.exe
C:\Program Files\Data Protection\datprot.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JC\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sunherald.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = 192.168.1.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: LNHelper.BarHelper: {05a34600-8920-479b-92a9-68facf7bb8fa} - mscoree.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CPub Object: {c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\defenderpro antispy\popupblocker\PopupBlocker.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{86be1cda-4f72-4c2f-9526-8e6a22df46ed}
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Defender Pro Anti-Scam: {102bad8b-cd05-46ff-94ff-a2c1abd5f7d5} - c:\program files\defender pro\defender pro anti-scam\mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [wsdkrlxp.exe] c:\docume~1\jc\locals~1\temp\wsdkrlxp.exe
uRun: [Data Protection] "c:\program files\data protection\datprot.exe" -noscan
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [BearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [gukukplo] c:\documents and settings\jc\local settings\application data\nxserv\twjrsysguard.exe
mRun: [ServicesNotify] c:\program files\defender pro\defender pro anti-scam\ServicesNotify.exe
mRun: [DPAS] "c:\program files\defenderpro antispy\DPASNT.exe"
mRun: [DPASUpdate] "c:\program files\defenderpro antispy\DPASAutoUpdate.exe"
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printe~1.lnk - c:\program files\sharp\printer status monitor\Smon.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\doyles~1\client.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - {93F764AC-24D1-484F-92EA-3C84E31CDF72} - c:\program files\defenderpro antispy\popupblocker\PopupBlocker.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - hxxp://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jc\applic~1\mozilla\firefox\profiles\dw3f6ln7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sunherald.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-5-30 192896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-22 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-23 38224]

=============== Created Last 30 ================

2010-05-24 15:33:53 0 ----a-w- c:\documents and settings\jc\defogger_reenable
2010-05-24 03:06:48 0 d-----w- c:\docume~1\jc\applic~1\Malwarebytes
2010-05-24 03:06:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 03:06:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 03:06:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 03:06:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-21 16:42:07 0 d-----w- c:\program files\Data Protection
2010-05-18 16:18:36 1089601 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-05-14 05:09:55 230424 ----a-w- C:\img2-001.raw
2010-05-14 05:01:35 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-14 05:01:35 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-14 05:01:23 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-14 05:01:23 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-14 05:01:15 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-05-14 05:01:15 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-05-14 05:01:15 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-05-14 05:01:15 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-14 05:01:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-05-14 05:01:07 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-05-14 05:01:01 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-05-14 05:01:01 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-14 04:59:10 762736 ----a-w- c:\windows\vVX3000.exe
2010-05-14 04:59:10 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-05-14 04:59:10 503152 ----a-w- c:\windows\system32\LcProxy.ax
2010-05-14 04:59:10 227696 ----a-w- c:\windows\vVX3000.dll
2010-05-14 04:59:10 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-05-14 04:59:10 175472 ----a-w- c:\windows\system32\cVX3000.dll
2010-05-14 04:59:10 15498 ----a-w- c:\windows\VX3000.ini
2010-05-14 04:59:10 13023 ----a-w- c:\windows\VX3000.src
2010-05-14 04:59:10 101232 ----a-w- c:\windows\VX3000.dll
2010-05-14 04:58:32 0 d-----w- c:\program files\Microsoft LifeCam
2010-05-14 04:58:25 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-14 04:58:23 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-14 04:58:14 0 d-----w- c:\windows\Logs
2010-05-14 04:48:18 0 d-----w- c:\windows\system32\XPSViewer
2010-05-14 04:46:39 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-14 04:46:39 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-14 04:46:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-14 04:46:39 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-14 04:46:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-14 04:46:39 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-14 04:46:39 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-14 04:46:38 0 d-----w- C:\66926bcb86f3331b18dfcd4ab673be
2010-05-14 04:40:41 0 d-----w- c:\program files\MSXML 6.0
2010-05-14 04:20:45 0 d-----w- c:\program files\BellSouthWCC
2010-05-14 04:15:22 0 d-----w- c:\program files\ATT-HSI
2010-05-14 04:14:52 0 d-----w- c:\program files\common files\Motive
2010-05-14 03:35:52 0 dc-h--w- c:\windows\ie8
2010-05-13 04:43:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-13 04:40:18 0 d-----r- c:\program files\Skype
2010-05-13 04:33:16 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-13 04:33:16 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-13 04:23:20 172 ----a-w- c:\windows\system32\MRT.INI
2010-05-07 14:14:40 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 04:33:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-02 23:09:20 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-05-18 20:09:34 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-18 20:09:34 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-05-14 04:21:52 768 ----a-w- c:\program files\INSTALL.LOG
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-04 20:01:09 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 20:01:09 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-04 20:01:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2005-12-25 14:08:11 336915 --sh--w- c:\windows\system32\rqtss.bak1

============= FINISH: 9:53:14.42 ===============


#4 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 31 May 2010 - 12:01 PM

Hi,


One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.





If you decide to continue the cleaning process then:


1. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here is an alternative link to download ComboFix, if the above one is not working for you:
2. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.
3. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
4. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 2.

5. What I need in Your Next Reply:
  • ComboFix.txt



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#5 jgc1024

  • Topic Starter
  • Members
  • 5 posts

Posted 01 June 2010 - 06:33 PM

ComboFix 10-06-01.01 - JC 06/01/2010 17:51:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.286 [GMT -5:00]
Running from: c:\documents and settings\JC\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\JC\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\JC\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.lnk
c:\documents and settings\JC\Desktop\nudetube.com.lnk
c:\documents and settings\JC\Desktop\pornotube.com.lnk
c:\documents and settings\JC\Desktop\spam001.exe
c:\documents and settings\JC\Desktop\spam003.exe
c:\documents and settings\JC\Desktop\troj000.exe
c:\documents and settings\JC\Desktop\youporn.com.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection
c:\documents and settings\JC\Start Menu\Programs\Data Protection\About.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Activate.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Buy.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Data Protection Support.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Data Protection.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Scan.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Settings.lnk
c:\documents and settings\JC\Start Menu\Programs\Data Protection\Update.lnk
c:\program files\Common Files\ukwi
c:\program files\Common Files\ukwi\ukwid\class-barrel
c:\program files\Common Files\ukwi\ukwid\vocabulary
c:\program files\Data Protection
c:\program files\Data Protection\about.ico
c:\program files\Data Protection\activate.ico
c:\program files\Data Protection\buy.ico
c:\program files\Data Protection\dat.db
c:\program files\Data Protection\datext.dll
c:\program files\Data Protection\dathook.dll
c:\program files\Data Protection\datprot.exe
c:\program files\Data Protection\help.ico
c:\program files\Data Protection\scan.ico
c:\program files\Data Protection\settings.ico
c:\program files\Data Protection\splash.mp3
c:\program files\Data Protection\Uninstall.exe
c:\program files\Data Protection\update.ico
c:\program files\Data Protection\virus.mp3
c:\program files\INSTALL.LOG
c:\windows\PRAGMAipfyappepy
c:\windows\PRAGMAipfyappepy\pragmabbr.dll
c:\windows\PRAGMAipfyappepy\PRAGMAc.dll
c:\windows\PRAGMAipfyappepy\PRAGMAcfg.ini
c:\windows\PRAGMAipfyappepy\PRAGMAd.sys
c:\windows\PRAGMAipfyappepy\pragmaserf.dll
c:\windows\PRAGMAipfyappepy\PRAGMAsrcr.dat
c:\windows\system32\PRAGMAerrors.log
c:\windows\system32\pragmasrcr.dat
c:\windows\system32\rqtss.bak1
c:\windows\system32\zip32.dll

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAipfyappepy
-------\Legacy_PRAGMAipfyappepy


((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-05-29 20:27 . 2010-05-29 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-29 20:26 . 2010-05-29 20:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-24 03:06 . 2010-05-24 03:06 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2010-05-24 03:06 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 03:06 . 2010-05-24 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 03:06 . 2010-05-24 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-24 03:06 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 22:58 . 2010-05-24 14:07 -------- d-----w- c:\documents and settings\JC\Local Settings\Application Data\Temp
2010-05-14 05:01 . 2004-08-04 03:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-14 05:01 . 2004-08-04 03:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-14 05:01 . 2004-08-04 04:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-14 05:01 . 2004-08-04 04:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-14 05:01 . 2004-08-04 04:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-05-14 05:01 . 2004-08-04 04:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-14 05:01 . 2004-08-04 04:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-05-14 05:01 . 2004-08-04 04:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-05-14 05:01 . 2004-08-04 04:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-05-14 05:01 . 2004-08-04 04:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-14 05:00 . 2004-08-04 04:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-05-14 05:00 . 2004-08-04 04:10 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-05-14 05:00 . 2004-08-04 04:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-05-14 05:00 . 2004-08-04 04:10 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-05-14 05:00 . 2004-08-04 05:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-05-14 05:00 . 2004-08-04 05:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-14 04:59 . 2010-03-12 23:41 762736 ----a-w- c:\windows\vVX3000.exe
2010-05-14 04:59 . 2010-03-12 23:41 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-05-14 04:59 . 2010-03-12 23:41 227696 ----a-w- c:\windows\vVX3000.dll
2010-05-14 04:59 . 2010-03-12 23:41 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-05-14 04:59 . 2010-03-12 23:41 175472 ----a-w- c:\windows\system32\cVX3000.dll
2010-05-14 04:59 . 2010-03-12 23:41 101232 ----a-w- c:\windows\VX3000.dll
2010-05-14 04:59 . 2010-05-14 04:59 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-14 04:58 . 2010-05-14 04:59 -------- d-----w- c:\program files\Microsoft LifeCam
2010-05-14 04:58 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-14 04:58 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-14 04:58 . 2010-05-14 04:58 -------- d-----w- c:\windows\Logs
2010-05-14 04:49 . 2010-05-21 18:05 134464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-14 04:48 . 2010-05-14 04:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-14 04:48 . 2010-05-14 04:48 -------- d-----w- c:\program files\MSBuild
2010-05-14 04:47 . 2010-05-14 04:47 -------- d-----w- c:\program files\Reference Assemblies
2010-05-14 04:47 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-14 04:46 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-14 04:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-14 04:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-14 04:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-14 04:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-14 04:46 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-14 04:46 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-14 04:46 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-14 04:46 . 2010-05-14 04:47 -------- d-----w- C:\66926bcb86f3331b18dfcd4ab673be
2010-05-14 04:40 . 2010-05-14 04:40 -------- d-----w- c:\program files\MSXML 6.0
2010-05-14 04:20 . 2010-05-14 04:20 -------- d-----w- c:\program files\BellSouthWCC
2010-05-14 04:16 . 2010-05-14 04:23 -------- d-----w- c:\documents and settings\JC\Application Data\Motive
2010-05-14 04:15 . 2010-05-14 04:15 -------- d-----w- c:\program files\ATT-HSI
2010-05-14 04:14 . 2010-05-14 04:20 -------- d-----w- c:\program files\Common Files\Motive
2010-05-14 04:13 . 2010-05-14 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-05-14 03:35 . 2010-05-14 03:37 -------- dc-h--w- c:\windows\ie8
2010-05-13 16:40 . 2010-05-13 16:40 -------- d-sh--w- c:\documents and settings\Sarah Cure\IECompatCache
2010-05-13 16:35 . 2010-05-13 16:35 -------- d-sh--w- c:\documents and settings\Sarah Cure\PrivacIE
2010-05-13 16:34 . 2010-05-13 16:34 439816 ----a-w- c:\documents and settings\Sarah Cure\Application Data\Real\Update\setup3.10\setup.exe
2010-05-13 04:43 . 2010-05-13 04:43 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-13 04:43 . 2010-06-01 22:06 -------- d-----w- c:\documents and settings\JC\Application Data\skypePM
2010-05-13 04:41 . 2010-06-01 22:40 -------- d-----w- c:\documents and settings\JC\Application Data\Skype
2010-05-13 04:40 . 2010-05-13 04:40 -------- d-----w- c:\program files\Common Files\Skype
2010-05-13 04:40 . 2010-05-13 04:41 -------- d-----r- c:\program files\Skype
2010-05-13 04:39 . 2010-05-13 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-13 04:33 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-13 04:33 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-07 14:14 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 04:33 . 2010-05-05 04:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-02 23:09 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 19:07 . 2005-10-27 17:06 -------- d-----w- c:\program files\Google
2010-05-21 17:58 . 2005-08-09 05:00 58944 ----a-w- c:\documents and settings\Sarah Cure\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 20:09 . 2004-08-04 00:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-14 05:07 . 2009-10-09 02:43 58944 ----a-w- c:\documents and settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-13 05:19 . 2010-02-23 16:36 -------- d-----w- c:\program files\DefenderPro AntiSpy
2010-05-13 05:07 . 2005-02-05 05:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-13 05:07 . 2005-02-05 05:12 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-13 05:07 . 2005-02-05 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-13 05:05 . 2005-02-05 05:11 -------- d-----w- c:\program files\Symantec
2010-05-13 04:57 . 2005-05-30 10:07 -------- d-----w- c:\documents and settings\Sarah Cure\Application Data\Symantec
2010-03-10 06:15 . 2004-08-04 08:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 20:01 . 2003-03-19 10:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 20:01 . 2003-03-19 09:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 20:01 . 2003-02-21 17:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-29 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-09 790528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-25 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"DPAS"="c:\program files\DefenderPro AntiSpy\DPASNT.exe" [2005-04-29 532480]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]

c:\documents and settings\Sarah Cure\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-12 299008]
PowerReg Scheduler.exe [2005-8-3 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
Printer Status Monitor.lnk - c:\program files\SHARP\Printer Status Monitor\Smon.exe [2006-7-19 176217]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SHARP\\Printer Status Monitor\\Smon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/30/2005 4:54 AM 192896]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2010 10:22 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/23/2010 10:06 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 04:19]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 15:22]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sunherald.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = 192.168.1.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\DOYLES~1\client.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\dw3f6ln7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sunherald.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-gukukplo - c:\documents and settings\JC\Local Settings\Application Data\nxserv\twjrsysguard.exe
HKCU-Run-Data Protection - c:\program files\Data Protection\datprot.exe
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
HKLM-Run-gukukplo - c:\documents and settings\JC\Local Settings\Application Data\nxserv\twjrsysguard.exe
HKLM-Run-ServicesNotify - c:\program files\Defender Pro\Defender Pro Anti-Scam\ServicesNotify.exe
HKLM-Run-DPASUpdate - c:\program files\DefenderPro AntiSpy\DPASAutoUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 18:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?7?4?0??????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-06-01 18:08:16
ComboFix-quarantined-files.txt 2010-06-01 23:08

Pre-Run: 36,150,235,136 bytes free
Post-Run: 36,968,574,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F5C317BF1460866ECB4D31090D1CCC7A


#6 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 05 June 2010 - 02:46 PM

Hi,


I'm very sorry for the delay, my replies are being revised by a coach and I needed to wait for it.


How is the system working now?


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Elle

#7 jgc1024

  • Topic Starter
  • Members
  • 5 posts

Posted 05 June 2010 - 05:17 PM

Running much better now... a little slower than before, but I downloaded AVG and it seems like the scans have slowed it down some.



OTL logfile created on: 6/5/2010 5:08:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\JC\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.00 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive D: | 362.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH
Current User Name: JC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/05 17:07:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\My Documents\Downloads\OTL.exe
PRC - [2010/06/04 14:00:16 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/04 13:58:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/04 13:57:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/04 13:47:21 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/04 13:46:56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/02 18:00:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/04 14:20:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/12 18:41:18 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/29 14:47:33 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/21 20:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/03/21 14:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/10 13:01:02 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellSouthWCC\McciTrayApp.exe
PRC - [2005/05/24 04:48:17 | 000,950,272 | ---- | M] (DefenderPro) -- C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
PRC - [2005/04/29 06:17:19 | 000,532,480 | ---- | M] (DefenderPro) -- C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/11/04 13:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/17 14:17:44 | 000,176,217 | ---- | M] () -- C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/07 12:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/06/05 17:07:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/12/19 20:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2004/11/04 13:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/02 18:00:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/04 13:58:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/04 13:57:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/02 18:01:07 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/12 18:41:18 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/09/17 08:53:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/08/27 13:25:12 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/08/27 13:25:12 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/12/21 16:33:14 | 000,909,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/23 09:57:56 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/23 09:56:40 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/11/17 05:30:40 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/04 13:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/27 13:15:32 | 000,342,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/11 19:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/28 05:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/06/10 09:59:56 | 000,192,896 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/06/10 09:58:58 | 000,684,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/10 09:58:24 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/12 15:26:02 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sunherald.com/
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.1.*;<local>
IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sunherald.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..network.proxy.no_proxies_on: "192.168.1.*"

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/05 16:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/02 18:00:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 16:26:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 14:20:35 | 000,000,000 | ---D | M]

[2009/10/18 21:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\Mozilla\Extensions
[2010/06/05 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\dw3f6ln7.default\extensions
[2010/05/20 23:29:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\dw3f6ln7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/14 10:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\dw3f6ln7.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/06/05 17:00:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 23:41:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/06/01 18:04:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (Osborn Technologies, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Defender Pro Anti-Scam) - {102BAD8B-CD05-46ff-94FF-A2C1ABD5F7D5} - C:\Program Files\Defender Pro\Defender Pro Anti-Scam\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3120454145-596827401-533628621-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DPAS] C:\Program Files\DefenderPro AntiSpy\DPASNT.exe (DefenderPro)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3120454145-596827401-533628621-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe ()
O4 - Startup: C:\Documents and Settings\Sarah Cure\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\Sarah Cure\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (Osborn Technologies, Inc.)
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (Osborn Technologies, Inc.)
O9 - Extra Button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\Program Files\Doyles Room Poker\client.exe (Tribeca Tables Europe Limited)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/31 19:05:48 | 000,000,638 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2009/02/09 19:57:07 | 000,000,374 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 15:59:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 10:28:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/03 10:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Local Settings\Application Data\AVG Security Toolbar
[2010/06/02 18:01:09 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/02 18:01:08 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:01:07 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/02 18:01:05 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/02 18:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/02 18:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/02 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/02 17:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/01 21:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Local Settings\Application Data\Identities
[2010/06/01 17:42:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/01 17:17:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 17:17:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 17:17:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 17:17:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 17:13:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 17:12:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/29 15:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/05/29 15:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/29 15:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/23 22:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\Malwarebytes
[2010/05/23 22:06:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/23 22:06:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/23 22:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 22:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Local Settings\Application Data\Temp
[2010/05/14 10:10:21 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/14 00:01:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/14 00:01:23 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/14 00:01:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/14 00:01:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/14 00:01:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/14 00:01:07 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/05/14 00:01:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/14 00:00:52 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/14 00:00:45 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/14 00:00:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/05/14 00:00:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/14 00:00:11 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/14 00:00:11 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/14 00:00:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/14 00:00:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/14 00:00:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/05/14 00:00:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/14 00:00:07 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/14 00:00:07 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/13 23:59:10 | 001,961,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX3000.sys
[2010/05/13 23:59:10 | 000,762,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2010/05/13 23:59:10 | 000,677,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin32.dll
[2010/05/13 23:59:10 | 000,503,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LcProxy.ax
[2010/05/13 23:59:10 | 000,227,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.dll
[2010/05/13 23:59:10 | 000,175,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX3000.dll
[2010/05/13 23:59:10 | 000,101,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VX3000.dll
[2010/05/13 23:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/13 23:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2010/05/13 23:58:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/05/13 23:58:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/05/13 23:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/05/13 23:48:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/05/13 23:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/05/13 23:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/05/13 23:46:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/05/13 23:46:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/05/13 23:46:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/05/13 23:46:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/05/13 23:46:39 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/05/13 23:46:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/05/13 23:46:38 | 000,000,000 | ---D | C] -- C:\66926bcb86f3331b18dfcd4ab673be
[2010/05/13 23:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/05/13 23:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\BellSouthWCC
[2010/05/13 23:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\Motive
[2010/05/13 23:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2010/05/13 23:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/05/13 23:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/05/13 22:35:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/13 11:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/05/12 23:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\skypePM
[2010/05/12 23:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\Skype
[2010/05/12 23:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/12 23:40:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/12 23:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/12 23:33:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/12 23:33:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/05/07 09:14:40 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/05 17:05:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 16:47:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/05 16:45:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 16:45:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 16:44:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 16:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/05 16:43:45 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 13:58:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/04 13:57:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/04 13:56:00 | 060,691,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/03 19:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/02 18:01:10 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/02 18:01:09 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/02 18:01:09 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/02 18:01:07 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/02 17:14:53 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\JC\NTUSER.DAT
[2010/06/02 17:14:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\JC\ntuser.ini
[2010/06/02 16:48:47 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/02 16:37:50 | 000,507,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/02 16:37:50 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/02 16:37:50 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/01 18:05:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/01 18:04:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/01 17:42:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/24 14:09:31 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/24 10:33:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\JC\defogger_reenable
[2010/05/23 23:11:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/21 13:02:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/18 15:09:34 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/05/14 10:15:49 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/14 00:18:00 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/05/14 00:07:32 | 000,058,944 | ---- | M] () -- C:\Documents and Settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/14 00:03:24 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/13 23:59:15 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2010/05/12 23:43:35 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 18:01:09 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/02 18:01:09 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/02 18:00:39 | 060,691,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/01 17:42:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/01 17:42:36 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/01 17:17:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 17:17:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 17:17:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 17:17:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 17:17:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/24 14:09:31 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/24 10:33:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JC\defogger_reenable
[2010/05/23 22:06:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/22 10:22:49 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 10:22:48 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 00:09:55 | 000,230,424 | ---- | C] () -- C:\img2-001.raw
[2010/05/13 23:59:15 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2010/05/13 23:59:10 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2010/05/13 23:59:10 | 000,013,023 | ---- | C] () -- C:\WINDOWS\VX3000.src
[2010/05/13 00:38:46 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\JC\My Documents\PubWhiteList.pwl
[2010/05/13 00:08:23 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/12 23:43:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/12 23:40:25 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/12 23:23:20 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/18 23:55:59 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/25 10:07:23 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/19 10:38:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2006/07/19 10:38:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\usb2f.dll
[2006/07/19 10:38:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2005/08/31 16:12:13 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2005/08/03 05:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2005/02/05 00:03:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/05 00:03:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/05 00:03:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/05 00:03:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/05 00:03:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/05 00:03:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/04 23:56:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 23:46:07 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 03:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >


OTL Extras logfile created on: 6/5/2010 5:08:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\JC\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.00 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive D: | 362.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH
Current User Name: JC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3120454145-596827401-533628621-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\SHARP\Printer Status Monitor\Smon.exe" = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe:*:Enabled:smon -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\palmOne\HOTSYNC.EXE" = C:\Program Files\palmOne\HOTSYNC.EXE:*:Disabled:HotSync Manager -- (Palm, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86BE1CDA-4F72-4C2F-9526-8E6A22DF46ED}" = LexisNexis Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AED34F40-EB55-416D-BAAE-91DEA6A9B5B7}" = Defender Pro Anti-Scam
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = TIxx21/x515
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Connectivity Services" = AOL Connectivity Services
"AT&T Wireless Connection Tool" = AT&T Wireless Connection Tool
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = SoftV90 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Defender Pro PC Tune-up and Repair" = Defender Pro PC Tune-up and Repair
"Doyles Room Poker" = Doyles Room Poker
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"FamilyFeudOnlineParty" = FamilyFeudOnlineParty (remove only)
"Google Updater" = Google Updater
"Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
"HP Officejet 7200 series_Driver" = HP Officejet 7200 series
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"HP Photo & Imaging" = HP Image Zone 4.2
"hp psc 1310 series_Driver" = hp psc 1310 series
"ie8" = Windows Internet Explorer 8
"IMA Spring 2007 Student" = Intermediate Algebra
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{AED34F40-EB55-416D-BAAE-91DEA6A9B5B7}" = Defender Pro Anti-Scam
"InstallShield_{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = Texas Instruments PCIxx21/x515 drivers.
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"OmniquadDPAS" = DefenderPro AntiSpy
"Printer Status Monitor" = Printer Status Monitor Version 4.0
"RealPlayer 6.0" = RealPlayer
"SHARP AR-C170 Series PCL5c Printer Driver" = SHARP AR-C170 Series PCL5c Printer Driver
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2010 10:34:32 AM | Computer Name = SARAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/27/2010 10:34:33 AM | Computer Name = SARAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/1/2010 6:05:01 PM | Computer Name = SARAH | Source = Application Error | ID = 1000
Description = Faulting application datprot.exe, version 0.0.0.0, faulting module
datprot.exe, version 0.0.0.0, fault address 0x000659c8.

Error - 6/1/2010 6:08:38 PM | Computer Name = SARAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/1/2010 6:08:40 PM | Computer Name = SARAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/2/2010 6:36:10 PM | Computer Name = SARAH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/2/2010 6:36:10 PM | Computer Name = SARAH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/2/2010 6:36:10 PM | Computer Name = SARAH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/5/2010 4:05:06 PM | Computer Name = SARAH | Source = Google Update | ID = 20
Description =

Error - 6/5/2010 5:05:06 PM | Computer Name = SARAH | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/29/2010 5:19:49 PM | Computer Name = SARAH | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 5/29/2010 5:20:19 PM | Computer Name = SARAH | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 5/29/2010 5:20:49 PM | Computer Name = SARAH | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 6/1/2010 5:48:57 PM | Computer Name = SARAH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.68 on
the Network Card with network address 00904BAC9EF4.

Error - 6/1/2010 5:49:55 PM | Computer Name = SARAH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/1/2010 5:50:38 PM | Computer Name = SARAH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 6/1/2010 5:55:38 PM | Computer Name = SARAH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/1/2010 5:55:38 PM | Computer Name = SARAH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/3/2010 10:58:00 AM | Computer Name = SARAH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 6/4/2010 4:14:43 PM | Computer Name = SARAH | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.


< End of report >


#8 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender: Female
  • Local time: 06:20 AM
Posted 07 June 2010 - 02:51 PM

Hi,


We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} - Reg Error: Value error. File not found
    O32 - AutoRun File - [2009/02/09 19:57:07 | 000,000,374 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    IE - HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Elle

Edited by Blind Faith, 07 June 2010 - 02:56 PM.

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:20 AM

Posted 13 June 2010 - 02:09 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:20 AM

Posted 22 June 2010 - 05:03 PM

Hi,

The topic has been reopened; please post your log.

regards myrti



#11 jgc1024

jgc1024
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 23 June 2010 - 07:22 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED}\ deleted successfully.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
HKU\S-1-5-21-3120454145-596827401-533628621-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

OTL by OldTimer - Version 3.2.5.3 log created on 06162010_180503

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...


C:\Documents and Settings\JC\Application Data\Sun\Java\Deployment\cache\6.0\44\4a94aa6c-208df030 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Documents and Settings\Sarah Cure\Shared\Eighties classic (touch).wma WMA/TrojanDownloader.Wimad.K trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Common Files\ukwi\ukwid\vocabulary.vir Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\datext.dll.vir Win32/TrojanDownloader.Prodatect.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\dathook.dll.vir Win32/TrojanDownloader.Prodatect.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\datprot.exe.vir Win32/Adware.CoreguardAntivirus.F application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\Uninstall.exe.vir Win32/Adware.CoreguardAntivirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\pragmabbr.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\PRAGMAc.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\PRAGMAd.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\pragmaserf.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.RF trojan cleaned - quarantined
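The ESET report above lists thirteen detections, one free-text line each. As an added example (my code, not ESET's or the forum's, and the line layout it assumes is inferred only from the lines quoted here), the Python script below parses such lines into structured records, separates copies already sitting in a quarantine folder (the C:\Qoobox\Quarantine prefix seen in the log) from items found live on disk, and flags kernel-driver and rootkit-class detections such as the infected atapi.sys so a responder reviews them first. The severity rule is my own assumption, not an ESET classification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the ESET Online Scanner result lines quoted in the post above.
SAMPLE_LOG = r"""
C:\Documents and Settings\JC\Application Data\Sun\Java\Deployment\cache\6.0\44\4a94aa6c-208df030 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Documents and Settings\Sarah Cure\Shared\Eighties classic (touch).wma WMA/TrojanDownloader.Wimad.K trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Common Files\ukwi\ukwid\vocabulary.vir Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\datext.dll.vir Win32/TrojanDownloader.Prodatect.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\dathook.dll.vir Win32/TrojanDownloader.Prodatect.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\datprot.exe.vir Win32/Adware.CoreguardAntivirus.F application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Data Protection\Uninstall.exe.vir Win32/Adware.CoreguardAntivirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\pragmabbr.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\PRAGMAc.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\PRAGMAd.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAipfyappepy\pragmaserf.dll.vir a variant of Win32/Kryptik.ENE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.RF trojan cleaned - quarantined
"""

# Assumed line shape, inferred from the sample only:
#   <path with spaces> [a variant of ]<Family/Name> <kind> <action> - <status>
# The detection name is the first token containing a "/", which is what lets
# a path full of spaces be separated from the rest of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z]+)\s+"
    r"(?P<action>.+?)\s+-\s+(?P<status>\S+)$"
)

# Prefix seen in the log for files another tool had already moved to quarantine.
QUARANTINE_PREFIX = r"C:\Qoobox\Quarantine"


@dataclass
class Detection:
    path: str
    name: str
    kind: str
    action: str
    status: str
    quarantined_copy: bool  # True when the path is under the quarantine folder
    severity: str           # "high" or "medium" (my rule, see classify)


def _live_path(path: str) -> str:
    """Strip the quarantine prefix and '.vir' suffix to recover the original location."""
    if path.lower().startswith(QUARANTINE_PREFIX.lower()):
        path = path[len(QUARANTINE_PREFIX):]
    if path.lower().endswith(".vir"):
        path = path[:-4]
    return path


def classify(path: str, name: str) -> str:
    """Assumed triage rule: rootkit-class names and kernel drivers are 'high'."""
    live = _live_path(path).lower()
    if "rootkit" in name.lower():
        return "high"
    if "\\windows\\system32\\drivers\\" in live or live.endswith(".sys"):
        return "high"
    return "medium"


def parse_eset_line(line: str) -> Optional[Detection]:
    """Parse one result line; returns None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    return Detection(
        path=path,
        name=name,
        kind=m.group("kind"),
        action=m.group("action"),
        status=m.group("status"),
        quarantined_copy=path.lower().startswith(QUARANTINE_PREFIX.lower()),
        severity=classify(path, name),
    )


def parse_eset_log(text: str) -> List[Detection]:
    return [d for d in (parse_eset_line(ln) for ln in text.splitlines()) if d]


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Counts per severity plus the 'high' items that were still live (not quarantine copies)."""
    counts: Dict[str, int] = {"high": 0, "medium": 0}
    for d in detections:
        counts[d.severity] += 1
    live_high = [d.path for d in detections if d.severity == "high" and not d.quarantined_copy]
    return {"counts": counts, "live_high": live_high, "total": len(detections)}


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        where = "quarantine copy" if d.quarantined_copy else "live"
        print(f"[{d.severity:6}] {where:15} {d.name}  {_live_path(d.path)}")
    print(summarize(dets))
```

Run against the sample, both "high" items (the PRAGMAd.sys driver and the infected atapi.sys) turn out to be quarantine copies, so `live_high` comes back empty; on a report where a driver detection shows up outside a quarantine folder, that list is the first thing to look at, since a cleaned system driver generally warrants verifying the file afterwards rather than trusting the scanner's "cleaned" status alone.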


#12 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:20 AM

Posted 26 June 2010 - 03:26 PM

Hello,


Please run OTL again with the settings I gave you here.

There will be only one log since it isn't the first time we use it.



Elle

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:20 AM

Posted 07 July 2010 - 02:18 PM

Hi,

Due to lack of feedback, this topic is now Closed

Everyone else please start a new topic.

With Regards,
myrti
