Unknown Virus


  • This topic is locked
4 replies to this topic

#1 Streetjo

Streetjo

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:44 AM

Posted 13 July 2010 - 08:25 AM

Hi,
I think I have a virus, as it is stopping me from downloading things from the internet and installing programs, and is basically making my computer run extremely slowly. It is stopping my security software (Windows OneCare), and when I scan for viruses using Malwarebytes Anti-Malware nothing is found. I was unable to download and run the programs required to produce the logs, so I had to run them whilst in Safe Mode. Also, I think I am supposed to attach an Attach.txt file, which is produced after DDS is run, but it did not produce one; only the DDS.txt.

Thanks for any replies.

This is my DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Josh at 13:27:54.66 on 13/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1466 [GMT 1:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Josh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5104.1546\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\mozilla firefox\extensions\{1253d21b-263b-1843-275c-1726da8b2a12}\components\FFProxy36.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 5\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy36.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\josh\appdata\locallow\powerc~1\nppowerloader.dll
FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-15 27632]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-17 9344]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\microsoft.net\framework\v4.0.30128\mscorsvw.exe [2010-1-28 130384]
S2 gupdate1c98b9853f26a7e;Google Update Service (gupdate1c98b9853f26a7e);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2009-11-22 283992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-6 57344]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-11-13 14976]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-13 1153368]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-4-17 104288]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-4-17 350048]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-4-17 63328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-4 13224]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-3-18 28160]
S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-12-25 53168]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-1-24 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-1-24 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-1-24 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-1-24 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-1-24 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-1-24 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-1-24 110120]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-17 812544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [2010-1-28 738656]
S4 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-4-17 299008]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-17 333088]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-17 87328]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-07-13 12:12:34 160480361 ----a-w- c:\windows\MEMORY.DMP
2010-07-13 09:31:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-13 09:31:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 21:10:30 65536 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TM.blf
2010-07-12 21:10:30 524288 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TMContainer00000000000000000002.regtrans-ms
2010-07-12 21:10:30 524288 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TMContainer00000000000000000001.regtrans-ms
2010-07-12 20:56:55 65536 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TM.blf
2010-07-12 20:56:55 524288 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TMContainer00000000000000000002.regtrans-ms
2010-07-12 20:56:55 524288 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TMContainer00000000000000000001.regtrans-ms
2010-07-12 18:41:37 0 d-----w- c:\program files\Trend Micro
2010-07-09 12:25:10 0 d-----w- c:\programdata\Ableton
2010-07-09 12:25:08 0 d-----w- c:\users\josh\appdata\roaming\Ableton
2010-07-09 10:30:57 0 d-----w- c:\users\josh\appdata\roaming\Renoise
2010-07-09 00:14:53 0 d-----w- c:\users\josh\appdata\roaming\Sawer
2010-07-09 00:14:51 0 d-----w- c:\users\josh\appdata\roaming\Sakura
2010-07-09 00:14:25 0 d-----w- c:\users\josh\appdata\roaming\PoiZone
2010-07-09 00:11:57 0 d-----w- c:\users\josh\appdata\roaming\Hardcore
2010-07-08 13:23:32 0 d-----w- c:\program files\ASIO4ALL v2
2010-07-08 13:22:48 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-07-08 13:21:59 0 d-----w- c:\program files\VstPlugins
2010-07-08 13:21:55 0 d-----w- c:\program files\Outsim
2010-07-08 12:37:30 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-07-08 12:37:30 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-07-08 12:37:30 0 d-----w- c:\programdata\Propellerhead Software
2010-07-08 12:37:19 0 d-----w- c:\users\josh\appdata\roaming\Propellerhead Software
2010-07-04 18:34:50 0 d--h--w- C:\jexepackres
2010-07-04 09:58:31 0 d-----w- c:\users\josh\appdata\roaming\Wi-Fi Sync
2010-07-01 21:56:56 10216 ----a-w- c:\windows\system32\drivers\DMICall.sys
2010-07-01 21:49:34 0 d-----w- c:\program files\uTorrent
2010-06-29 15:51:41 0 d-----w- c:\users\josh\Podcasts
2010-06-23 22:59:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:59:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 21:29:14 0 d-----w- c:\users\josh\appdata\roaming\Mael
2010-06-18 20:38:57 0 d-----w- c:\programdata\GlobalSCAPE
2010-06-18 19:15:00 0 d-----w- c:\program files\WinSCP
2010-06-18 09:39:26 745472 ----a-w- c:\windows\system32\icuin36.dll
2010-06-18 09:33:25 0 d-----w- c:\windows\system32\CoreFoundation

==================== Find3M ====================

2010-07-09 00:29:25 119296 ----a-w- c:\windows\system32\zlib.dll
2010-07-03 21:15:15 86016 ----a-w- c:\windows\inf\infpub.dat
2010-07-03 21:15:15 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-03 21:15:15 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 10:59:07 139920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-16 10:58:40 214808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-16 10:58:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-08 08:55:38 75 ----a-w- c:\users\josh\jagex_runescape_preferences2.dat
2010-05-08 08:55:38 41 ----a-w- c:\users\josh\jagex_runescape_preferences.dat
2010-05-08 08:34:20 0 ----a-w- c:\users\josh\jagex__preferences3.dat
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 21:20:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 16:17:59 57064 ----a-w- c:\windows\fonts\mriamc.ttf
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-19 19:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 21:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-11-17 22:33:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-02 22:15:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-02 22:15:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-02 22:15:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-15 16:43:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 13:30:07.43 ===============

Attached Files

  • Attached File  ark.txt   5.89KB   1 downloads
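
The DDS output above (repeated with a later timestamp in the second post) is read by hand on this forum; the parts a helper checks first are the Pseudo HJT Report, the SERVICES / DRIVERS list, the File Associations and the Created Last 30 list. The script below is an added example, not part of DDS, of BleepingComputer's procedure, or of anything the poster ran. It splits a DDS log on its banner lines and flags the markers DDS itself prints at trouble spots: a BHO whose DLL is gone ("- No File"), a Run value with no name ("[<NO NAME>]"), a service whose binary DDS could not find ("[?]"), a file type with an empty handler, a Winlogon Userinit value that is not the stock userinit.exe, and hidden items created in the last 30 days. The severity scale, the expected Userinit value and the KNOWN_HIDDEN noise list are the author's assumptions; the sample input is an excerpt of lines copied from the first log above, not a complete log.

```python
"""Triage the DDS log sections a helper reads first (added example, not DDS code)."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}   # author's own scale, not a DDS convention
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"   # assumption: stock 32-bit Vista value
KNOWN_HIDDEN = ("ntuser.dat{", "index.dat", "desktop.ini")  # hidden files every profile has
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.*)$")  # start;name;description;path
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")  # attrs, path


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '===== Name =====' banner above them."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).upper()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage_hjt(lines: List[str]) -> List[Finding]:
    """Pseudo HJT Report: orphan BHOs, unnamed Run values, a tampered Userinit."""
    out: List[Finding] = []
    for line in lines:
        if line.startswith("BHO:") and line.endswith("- No File"):
            out.append(("medium", "BHO CLSID registered but its DLL is gone", line))
        elif line.startswith(("mRun:", "uRun:")) and "[<NO NAME>]" in line:
            out.append(("low", "Run value with an empty name; check what it expands to", line))
        elif line.startswith("mWinlogon:"):
            key, _, value = line[len("mWinlogon:"):].strip().partition("=")
            if key.strip().lower() == "userinit" and value.strip().lower().rstrip(",") != EXPECTED_USERINIT:
                out.append(("high", "Winlogon Userinit is not the stock userinit.exe", line))
    return out


def triage_services(lines: List[str]) -> List[Finding]:
    """SERVICES / DRIVERS: DDS appends [?] when it cannot find the binary on disk."""
    out: List[Finding] = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group(3).endswith("[?]"):
            out.append(("medium", f"service '{m.group(2)}' ({m.group(1)}) binary not found", line))
    return out


def triage_assoc(lines: List[str]) -> List[Finding]:
    """File Associations: DDS lists only non-default ones; an empty handler is a broken type."""
    out: List[Finding] = []
    for line in lines:
        ext, sep, handler = line.partition("=")
        if sep and not handler.strip():
            out.append(("low", f"{ext} has no default handler", line))
    return out


def triage_created(lines: List[str]) -> List[Finding]:
    """Created Last 30: hidden (h attribute) items outside the usual profile noise."""
    out: List[Finding] = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m and "h" in m.group(1) and not any(k in m.group(2).lower() for k in KNOWN_HIDDEN):
            out.append(("low", "hidden item created in the last 30 days", line))
    return out


TRIAGE = {"PSEUDO HJT REPORT": triage_hjt, "SERVICES / DRIVERS": triage_services,
          "FILE ASSOCIATIONS": triage_assoc, "CREATED LAST 30": triage_created}


def triage(text: str) -> List[Finding]:
    """Run every section check and return findings ordered by severity."""
    sections = split_sections(text)
    findings: List[Finding] = []
    for name, check in TRIAGE.items():
        findings.extend(check(sections.get(name, [])))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])   # stable sort keeps log order per level
    return findings


# Excerpt of lines copied from the first DDS log in this thread (not a complete log).
SAMPLE = r"""============== Pseudo HJT Report ===============
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [<NO NAME>]
============= SERVICES / DRIVERS ===============
S2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2009-11-22 283992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
============== File Associations ===============
.txt=
=============== Created Last 30 ================
2010-07-12 21:10:30 65536 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TM.blf
2010-07-04 18:34:50 0 d--h--w- C:\jexepackres
2010-07-01 21:49:34 0 d-----w- c:\program files\uTorrent
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE):
        print(f"[{severity:<6}] {reason}\n         {line}")
```

Run against the excerpt it reports the orphan BHO {5C255C8A-...}, the McAfee SiteAdvisor service whose mcsacore.exe is missing, the unnamed mRun value, the blank .txt association and the hidden C:\jexepackres folder. None of those is proof of infection on its own: a stale BHO and a service whose file is gone are exactly what an uninstalled product leaves behind, and the Userinit value in this log is the stock one. They are the entries a helper would ask about before deciding which tool to run next.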



#2 Streetjo

Streetjo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:44 AM

Posted 15 July 2010 - 06:37 PM

Sorry to bump this thread, but I thought I would post the new logs from my scans.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Josh at 11:31:25.66 on 15/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1317 [GMT 1:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5104.1546\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_42.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\mozilla firefox\extensions\{1253d21b-263b-1843-275c-1726da8b2a12}\components\FFProxy36.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 5\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy36.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\josh\appdata\locallow\powerc~1\nppowerloader.dll
FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\bl13l545.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-15 27632]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-17 9344]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\microsoft.net\framework\v4.0.30128\mscorsvw.exe [2010-1-28 130384]
S2 gupdate1c98b9853f26a7e;Google Update Service (gupdate1c98b9853f26a7e);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2009-11-22 283992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-6 57344]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-11-13 14976]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-4-17 104288]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-4-17 350048]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-4-17 63328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-4 13224]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-3-18 28160]
S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-12-25 53168]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-1-24 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-1-24 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-1-24 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-1-24 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-1-24 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-1-24 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-1-24 110120]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-17 812544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [2010-1-28 738656]
S4 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-4-17 299008]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-17 333088]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-17 87328]

============== File Associations ===============

regfile="regedit.exe" "%1"
.txt=

=============== Created Last 30 ================

2010-07-15 10:15:25 20 ----a-w- c:\users\josh\defogger_reenable
2010-07-15 00:27:34 65536 --sha-w- c:\users\josh\ntuser.dat{9a78790f-8fa7-11df-a470-d27eaf4b5a0b}.TM.blf
2010-07-15 00:27:34 524288 --sha-w- c:\users\josh\ntuser.dat{9a78790f-8fa7-11df-a470-d27eaf4b5a0b}.TMContainer00000000000000000002.regtrans-ms
2010-07-15 00:27:34 524288 --sha-w- c:\users\josh\ntuser.dat{9a78790f-8fa7-11df-a470-d27eaf4b5a0b}.TMContainer00000000000000000001.regtrans-ms
2010-07-15 00:19:55 0 --sha-w- c:\users\josh\ntuser.dat{74d29387-8fa6-11df-aeda-001a80f74cb2}.TMContainer00000000000000000002.regtrans-ms
2010-07-15 00:19:55 0 --sha-w- c:\users\josh\ntuser.dat{74d29387-8fa6-11df-aeda-001a80f74cb2}.TMContainer00000000000000000001.regtrans-ms
2010-07-15 00:19:55 0 --sha-w- c:\users\josh\ntuser.dat{74d29387-8fa6-11df-aeda-001a80f74cb2}.TM.blf
2010-07-15 00:08:22 0 d-----w- C:\ComboFix
2010-07-14 21:41:45 0 d-----w- C:\schrauber
2010-07-13 09:31:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-13 09:31:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 21:10:30 65536 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TM.blf
2010-07-12 21:10:30 524288 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TMContainer00000000000000000002.regtrans-ms
2010-07-12 21:10:30 524288 --sha-w- c:\users\josh\ntuser.dat{93ae64f0-8df9-11df-bbbf-af5ea291d308}.TMContainer00000000000000000001.regtrans-ms
2010-07-12 20:56:55 65536 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TM.blf
2010-07-12 20:56:55 524288 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TMContainer00000000000000000002.regtrans-ms
2010-07-12 20:56:55 524288 --sha-w- c:\users\josh\ntuser.dat{e4565085-8df7-11df-a4ac-001a80f74cb2}.TMContainer00000000000000000001.regtrans-ms
2010-07-12 18:41:37 0 d-----w- c:\program files\Trend Micro
2010-07-09 12:25:10 0 d-----w- c:\programdata\Ableton
2010-07-09 12:25:08 0 d-----w- c:\users\josh\appdata\roaming\Ableton
2010-07-09 10:30:57 0 d-----w- c:\users\josh\appdata\roaming\Renoise
2010-07-09 00:14:53 0 d-----w- c:\users\josh\appdata\roaming\Sawer
2010-07-09 00:14:51 0 d-----w- c:\users\josh\appdata\roaming\Sakura
2010-07-09 00:14:25 0 d-----w- c:\users\josh\appdata\roaming\PoiZone
2010-07-09 00:11:57 0 d-----w- c:\users\josh\appdata\roaming\Hardcore
2010-07-08 13:22:48 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-07-08 12:37:30 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-07-08 12:37:30 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-07-08 12:37:30 0 d-----w- c:\programdata\Propellerhead Software
2010-07-08 12:37:19 0 d-----w- c:\users\josh\appdata\roaming\Propellerhead Software
2010-07-04 18:34:50 0 d--h--w- C:\jexepackres
2010-07-04 09:58:31 0 d-----w- c:\users\josh\appdata\roaming\Wi-Fi Sync
2010-07-01 21:56:56 10216 ----a-w- c:\windows\system32\drivers\DMICall.sys
2010-07-01 21:49:34 0 d-----w- c:\program files\uTorrent
2010-06-29 15:51:41 0 d-----w- c:\users\josh\Podcasts
2010-06-23 22:59:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:59:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 21:29:14 0 d-----w- c:\users\josh\appdata\roaming\Mael
2010-06-18 20:38:57 0 d-----w- c:\programdata\GlobalSCAPE
2010-06-18 09:39:26 745472 ----a-w- c:\windows\system32\icuin36.dll
2010-06-18 09:33:25 0 d-----w- c:\windows\system32\CoreFoundation

==================== Find3M ====================

2010-07-09 00:29:25 119296 ----a-w- c:\windows\system32\zlib.dll
2010-07-03 21:15:15 86016 ----a-w- c:\windows\inf\infpub.dat
2010-07-03 21:15:15 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-03 21:15:15 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 10:59:07 139920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-16 10:58:40 214808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-16 10:58:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-08 08:55:38 75 ----a-w- c:\users\josh\jagex_runescape_preferences2.dat
2010-05-08 08:55:38 41 ----a-w- c:\users\josh\jagex_runescape_preferences.dat
2010-05-08 08:34:20 0 ----a-w- c:\users\josh\jagex__preferences3.dat
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 21:20:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 16:17:59 57064 ----a-w- c:\windows\fonts\mriamc.ttf
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-19 19:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 21:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-11-17 22:33:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-02 22:15:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-02 22:15:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-02 22:15:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-15 16:43:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 11:31:36.27 ===============

The GMER log is very empty, and I have not been able to run the scan again because it keeps on crashing. But since my last post I have done the DDS scan and this time it did produce the attach.txt log.

Attached Files



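The SERVICES / DRIVERS section above is the part of a DDS log an analyst reads first, and it has a fixed line shape that is easy to parse. The following is an added example, not code from the thread or from the DDS tool: a small parser for that section plus the two checks a responder would run over it, namely entries whose image file DDS could not find (printed as `<path> --> <path> [?]`, as on the McAfee SiteAdvisor line) and entries whose image sits in a user-writable directory. The meaning of the leading letter and digit (R/S for running/stopped, then the Windows start type) is an assumption about the DDS convention, and the sample text is constructed from seven lines copied out of the log above. Note the caveat built into `stopped_auto_start`: every S2 service in this log is stopped, but because the poster ran the tools in Safe Mode that is expected and is not, on its own, evidence that something is killing the security software.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shape of the DDS "SERVICES / DRIVERS" section (taken from the log above):
#   <R|S><start type> <service name>;<display name>;<image path> [<yyyy-m-d> <bytes>]
# Assumed DDS convention: R = running, S = stopped; the digit is the Windows start
# type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). When DDS cannot find the
# image on disk it prints "<path> --> <path> [?]" instead of the date/size stamp.

@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    file_found: bool

_ENTRY_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
_STAMP_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
_MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+.+\s+\[\?\]$")

# Locations an unprivileged user can write to; a service or driver image here is a finding.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; headers, blanks and other shapes give None."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    path, date, size = rest, None, None
    found = "[?]" not in rest
    stamp = _STAMP_RE.match(rest)
    if stamp:
        path, date, size = stamp.group("path"), stamp.group("date"), int(stamp.group("size"))
    else:
        missing = _MISSING_RE.match(rest)
        if missing:
            path = missing.group("path")
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), path, date, size, found)


def parse_section(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a block of DDS output."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def missing_binaries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose image DDS could not find: an orphaned registration (uninstalled
    product, or a loader that deleted itself) or an 8.3 short path DDS did not expand.
    Either way the path has to be checked on disk by hand before anything is removed."""
    return [e for e in entries if not e.file_found]


def user_writable_images(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose image lives somewhere an unprivileged user can write."""
    return [e for e in entries if e.path.lower().startswith(USER_WRITABLE_PREFIXES)]


def stopped_auto_start(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Auto-start services (start type 2) that are not running. On a normal boot this
    is worth a look (security tools being killed); when the log was taken in Safe Mode,
    as the poster's was, every auto-start service outside the SafeBoot list is stopped,
    so the list is expected to be long and proves nothing by itself."""
    return [e for e in entries if e.start == 2 and e.state == "S"]


# Constructed sample: seven lines copied from the SERVICES / DRIVERS section above.
SAMPLE = r"""
============== SERVICES / DRIVERS ===============

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-15 27632]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\microsoft.net\framework\v4.0.30128\mscorsvw.exe [2010-1-28 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-6 57344]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-3-18 28160]
S4 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-4-17 299008]
"""

if __name__ == "__main__":
    found = parse_section(SAMPLE)
    print(f"{len(found)} entries; {len(stopped_auto_start(found))} auto-start services stopped (expected in Safe Mode)")
    for e in missing_binaries(found):
        print(f"image not found: {e.name} -> {e.path}")
    for e in user_writable_images(found):
        print(f"user-writable image: {e.name} -> {e.path}")
```

Run against the full section it reports exactly one finding, the SiteAdvisor entry, which on this machine is most likely a leftover from an uninstalled McAfee component rather than malware; the point of the check is to produce the short list to verify on disk, not a verdict.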
#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:44 AM

Posted 18 July 2010 - 04:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 Streetjo

Streetjo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 18 July 2010 - 04:44 PM

Hi m0le,

Thanks for the reply, but I have since restored my computer and removed the virus. Sorry.

Josh

P.S. I was just wondering if it would have been hard to remove. It doesn't matter but I'm just curious.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:44 AM

Posted 18 July 2010 - 04:50 PM

QUOTE(Streetjo @ Jul 18 2010, 10:44 PM)
I was just wondering if it would have been hard to remove. It doesn't matter but I'm just curious.


Difficult to say; your description of the symptoms sounds like a rootkit, but without anything appearing on GMER or DDS it is impossible to identify.

Thanks for letting me know, Streetjo. I will close the topic.

------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



