Hello and, I see alot of these posts around, sorry if I am 'spamming' the forums. But I need help, seeing as they all say each form of fixing is for the specific asker's computer. While I am working on my computer I get random IE click in the background, then sometimes I would hear sound like "Congratulations! You won" and other advertisements as well. Its really starting to get annoying, although unlike the others I have read about, nothing is wrong with my sound. No changes in volume settings or anything. I use Microsoft Security Essentials as well as Malawarebytes. Malawarebytes has saved me a few times from some serious virus, I cant seem to stop this.
Inumaru 0 Newbie Poster
Inumaru 0 Newbie Poster
Thank you, I am proceeding with those steps. Didnt have time but now I do. I will tell you the outcome
Inumaru 0 Newbie Poster
Question, Do I attach all the files. (Including the one that was mentioned to zip) or do I copy them and just attach the zip?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Copy the logs then paste them into your reply and attach the one requested.
Do not attach any zip files.
Inumaru 0 Newbie Poster
I am having problems with MBAM, It runs for about an hour then my laptop restarts itself, the second time I got a blue screen
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Just post the rest please.
Inumaru 0 Newbie Poster
GMER 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-06 21:23:33
Windows 5.1.2600 Service Pack 3
Running: 75z35tzz.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kweyifod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 1080
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 1232
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3892
---- EOF - GMER 1.0.15 ----
GMER 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 22:50:12
Windows 5.1.2600 Service Pack 3
Running: 75z35tzz.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kweyifod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat 88E8ED20
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1080
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1232
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 3892
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N39FAD8X\httpErrorPagesScripts[1] 8601 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NK31O1JL\info_48[1] 6993 bytes
File C:\WINDOWS\Temp\~DF5309.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 22:19:21.34 on Fri 08/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.309 [GMT -4:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\User\Desktop\75z35tzz.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com?o=15438&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\imvu.lnk - c:\documents and settings\user\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ij42qg7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://xinumarux.deviantart.com/
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-8-11 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-11 54752]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 49664]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-28 39296]
S1 MpKsl21c9af91;MpKsl21c9af91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{908e8c7f-c496-443f-9ba2-bfea32695d1f}\mpksl21c9af91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{908e8c7f-c496-443f-9ba2-bfea32695d1f}\MpKsl21c9af91.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2010-6-23 36480]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]
S3 XDva295;XDva295;\??\c:\windows\system32\xdva295.sys --> c:\windows\system32\XDva295.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
=============== Created Last 30 ================
2010-08-06 13:09:59 6675 ----a-w- c:\documents and settings\user\.recently-used.xbel
2010-07-31 13:28:29 0 d-----w- c:\program files\Trend Micro
2010-07-31 12:21:32 0 d-sha-r- C:\cmdcons
2010-07-31 12:18:20 98816 ----a-w- c:\windows\sed.exe
2010-07-31 12:18:20 77312 ----a-w- c:\windows\MBR.exe
2010-07-31 12:18:20 256512 ----a-w- c:\windows\PEV.exe
2010-07-31 12:18:20 161792 ----a-w- c:\windows\SWREG.exe
2010-07-28 21:13:15 0 d-----w- c:\docume~1\user\applic~1\LimeWire
2010-07-26 21:33:57 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-25 06:15:28 0 d-----w- c:\program files\CamStudio
2010-07-21 17:37:40 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-21 17:37:40 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-21 17:37:37 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-21 17:37:35 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-21 17:37:31 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-21 17:37:26 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-21 17:37:22 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-21 17:37:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-21 13:52:57 0 d-----w- c:\program files\Conduit
2010-07-20 17:22:33 121799 ----a-w- C:\smap.tmp0
2010-07-18 20:14:16 0 d-----w- c:\docume~1\user\applic~1\IMVU
2010-07-18 20:10:53 0 d-----w- c:\docume~1\user\applic~1\IMVUClient
2010-07-15 18:01:25 25600 -c--a-w- c:\windows\system32\dllcache\hidbth.sys
2010-07-15 18:01:25 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys
2010-07-13 08:38:09 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2010-07-13 08:38:09 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2010-07-13 08:38:08 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2010-07-10 04:33:00 0 d-----w- C:\Games
2010-07-10 03:04:37 92728 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
==================== Find3M ====================
2010-06-24 00:28:48 258352 ----a-w- c:\windows\system32\unicows.dll
2010-06-23 01:37:17 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-06-17 00:03:53 45 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-06-17 00:03:50 87 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-06-14 20:38:40 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-06-14 14:24:15 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-08-11 20:00:47 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-08-20 12:12:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-02-24 16:01:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010022420100225\index.dat
============= FINISH: 22:20:22.00 ===============
DDS Attachment
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2010 11:06:34 AM
System Uptime: 8/6/2010 10:15:32 AM (12 hours ago)
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 37.602 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP198: 7/22/2010 12:30:38 AM - Installed DirectX
RP199: 7/22/2010 7:51:54 PM - Removed Joymax\Deco Online
RP200: 7/23/2010 5:30:49 PM - Software Distribution Service 3.0
RP201: 7/24/2010 5:30:06 PM - Software Distribution Service 3.0
RP202: 7/25/2010 1:43:52 AM - Software Distribution Service 3.0
RP203: 7/26/2010 3:36:11 PM - System Checkpoint
RP204: 7/26/2010 5:29:30 PM - Software Distribution Service 3.0
RP205: 7/28/2010 5:48:32 AM - Software Distribution Service 3.0
RP206: 7/29/2010 5:42:50 AM - Software Distribution Service 3.0
RP207: 7/31/2010 8:18:41 AM - ComboFix created restore point
RP208: 7/31/2010 8:26:06 PM - Software Distribution Service 3.0
RP209: 8/2/2010 4:02:17 AM - System Checkpoint
RP210: 8/3/2010 4:54:29 AM - System Checkpoint
RP211: 8/3/2010 9:48:51 AM - Software Distribution Service 3.0
RP212: 8/3/2010 8:04:24 PM - Removed WinZip 14.5
RP213: 8/3/2010 8:07:33 PM - Installed WinZip 14.5
RP214: 8/4/2010 10:28:17 AM - Software Distribution Service 3.0
RP215: 8/4/2010 10:39:55 AM - Software Distribution Service 3.0
RP216: 8/5/2010 2:41:09 PM - Software Distribution Service 3.0
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUS USB2.0 UVC VGA WebCam
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
CamStudio
Data Sync
Dream Of Mirror Online
Eee Docking 1.3.6.0
EeeSplendid
FontResizer
GIMP 2.6.8
HijackThis 2.0.2
HolyBeast
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IMVU Avatar Chat Software
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
LiveUpdate
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XNA Framework Redistributable 2.0
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
Pando Media Booster
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Super Hybrid Engine
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
VirtualCloneDrive
WebFldrs XP
Webzen Game Starter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 14.5
==== Event Viewer Messages From Past Week ========
8/6/2010 8:42:59 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0025D38BD333 has been denied by the DHCP server 192.168.31.1 (The DHCP Server sent a DHCPNACK message).
8/6/2010 10:58:16 AM, error: Dhcp [1002] - The IP address lease 192.168.31.108 for the Network Card with network address 0025D38BD333 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
8/3/2010 6:17:43 PM, error: System Error [1003] - Error code 1000000a, parameter1 000016d4, parameter2 0000001c, parameter3 00000000, parameter4 804ffa24.
8/3/2010 11:18:50 AM, error: PSched [14103] - QoS [Adapter {F733CDBA-2935-4F1F-86F8-AEFF5118F129}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
8/2/2010 7:49:23 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
8/2/2010 7:48:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
8/2/2010 7:37:10 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/2/2010 7:25:14 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0025D38BD333. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/1/2010 2:17:51 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2010 10:49:07 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Agent.FA&threatid=2147594441 User: YOUR-IMXQSVWI2H\User Name: Trojan:JS/Agent.FA ID: 2147594441 Severity: High Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.87.976.0, AS: 1.87.976.0 Engine Version: 1.1.6004.0
7/31/2010 8:46:24 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The system cannot find the path specified.
7/31/2010 8:46:24 AM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/31/2010 8:45:14 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/31/2010 8:45:14 AM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the path specified.
7/31/2010 8:45:14 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
7/31/2010 8:34:13 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/31/2010 8:21:36 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
7/31/2010 8:12:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/30/2010 8:33:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\isignup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
7/30/2010 8:33:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:18 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwtutor.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
7/30/2010 8:33:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwhelp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwdl.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn2.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\trialoc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
7/30/2010 8:33:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\inetwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn1.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwutil.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwrmind.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/30/2010 8:33:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
7/30/2010 8:32:50 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
7/30/2010 8:32:50 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
7/30/2010 7:47:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.817.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/30/2010 7:37:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0025D38BD333 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/30/2010 10:35:13 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
7/30/2010 10:25:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0025D38BD333 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Please download JavaRa
If you get this message:
Problems with the download? Please use this direct link or try another mirror.
Select the Direct link download unzip it to your Desktop.
Double click JavaRa.exe then click Remove Older Versions.
Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.
Next, open JavaRa.exe again, and select Search For Updates.
Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..
In Vista and Windows 7 run the tool as Administrator.
====
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply.
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
Inumaru 0 Newbie Poster
JavaRa log
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Aug 07 01:35:30 2010
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Aug 07 01:35:35 2010
------------------------------------
Finished reporting.
COMBOFIX Log
ComboFix 10-08-06.01 - User 08/07/2010 2:03.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.551 [GMT -4:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-07 05:49 . 2010-08-07 05:49 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 05:48 . 2010-08-07 05:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-06 01:16 . 2010-08-06 01:17 24258440 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\installer\SetupImvu_update.exe
2010-08-05 18:19 . 2010-08-05 18:19 97200 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\IMVUupdater.exe
2010-08-05 18:19 . 2010-08-05 18:19 52992 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\IMVUClient.exe
2010-08-05 18:19 . 2010-08-05 18:19 21760 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-08-04 00:12 . 2010-08-04 00:12 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\TheSpartan
2010-08-02 21:17 . 2010-08-02 21:17 1347584 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\SceneWindow.dll
2010-07-31 13:28 . 2010-07-31 13:28 -------- d-----w- c:\program files\Trend Micro
2010-07-30 23:37 . 2010-07-30 23:37 121856 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\WriteMiniDump.exe
2010-07-30 23:35 . 2010-07-30 23:35 46592 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-07-30 23:35 . 2010-07-30 23:35 54784 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2010-07-30 23:34 . 2010-07-30 23:34 81408 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ParticleLib.dll
2010-07-30 23:34 . 2010-07-30 23:34 16896 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\MemoryHook.dll
2010-07-30 23:34 . 2010-07-30 23:34 297984 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\cal3d.dll
2010-07-30 23:33 . 2010-07-30 23:33 202752 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\boost_python.dll
2010-07-30 23:33 . 2010-07-30 23:33 32256 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\CallStack.dll
2010-07-30 23:33 . 2010-07-30 23:33 224768 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\audiere.dll
2010-07-28 21:14 . 2010-07-28 21:14 348160 ----a-w- c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2010-07-28 21:13 . 2010-07-29 13:02 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-07-27 16:36 . 2010-07-27 16:36 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-27 11:26 . 2010-07-27 11:26 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-26 21:33 . 2010-07-26 21:33 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-25 06:15 . 2010-07-26 00:11 -------- d-----w- c:\program files\CamStudio
2010-07-21 17:37 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-21 17:37 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-21 17:37 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-21 17:37 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-21 17:37 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-21 17:37 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-21 17:37 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-21 17:37 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-21 13:53 . 2010-07-21 13:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Conduit
2010-07-21 13:52 . 2010-07-21 13:52 -------- d-----w- c:\program files\Conduit
2010-07-21 13:52 . 2010-07-21 13:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\OnRPG
2010-07-18 20:14 . 2010-08-07 04:58 -------- d-----w- c:\documents and settings\User\Application Data\IMVU
2010-07-18 20:13 . 2010-08-06 01:19 77384 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\Uninstall.exe
2010-07-18 20:10 . 2010-08-06 01:16 -------- d-----w- c:\documents and settings\User\Application Data\IMVUClient
2010-07-15 18:01 . 2008-04-14 04:16 25600 -c--a-w- c:\windows\system32\dllcache\hidbth.sys
2010-07-15 18:01 . 2008-04-14 04:16 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys
2010-07-13 08:38 . 2010-03-19 16:33 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2010-07-13 08:38 . 2010-03-19 16:33 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2010-07-13 08:38 . 2010-03-19 16:33 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2010-07-10 04:33 . 2010-07-10 04:33 -------- d-----w- C:\Games
2010-07-10 03:04 . 2010-07-21 19:09 92728 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-10 03:04 . 2010-07-10 03:04 8224 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-09 01:10 . 2010-07-09 01:10 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogiShrd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 06:02 . 2010-03-23 23:32 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-07 05:44 . 2010-02-24 16:40 -------- d-----w- c:\program files\Java
2010-08-07 02:56 . 2010-05-16 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 00:09 . 2010-04-24 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-31 03:14 . 2010-03-20 05:47 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2010-07-31 01:20 . 2009-08-11 19:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 12:25 . 2010-06-10 19:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-22 03:03 . 2010-03-30 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-21 13:38 . 2009-08-11 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 11:17 . 2009-08-11 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 04:29 . 2010-06-24 00:27 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2010-07-10 02:59 . 2010-05-15 15:19 -------- d-----w- c:\program files\LimeWire
2010-07-10 02:55 . 2010-07-06 09:29 -------- d-----w- c:\program files\iTunes
2010-07-06 11:31 . 2010-07-06 11:31 -------- d-----w- c:\program files\MSXML 4.0
2010-07-06 09:55 . 2010-07-06 09:55 -------- d-----w- c:\program files\Elaborate Bytes
2010-07-06 09:16 . 2010-03-09 19:59 -------- d-----w- c:\program files\Common Files\Apple
2010-07-06 09:08 . 2010-03-09 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-04 00:07 . 2010-07-04 00:06 -------- d-----w- c:\program files\QuickTime
2010-07-04 00:05 . 2010-07-04 00:05 -------- d-----w- c:\program files\Bonjour
2010-06-30 08:15 . 2010-02-24 20:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-24 00:28 . 2010-06-24 02:15 258352 ----a-w- c:\windows\system32\unicows.dll
2010-06-23 23:55 . 2010-06-20 16:00 -------- d-----w- c:\documents and settings\User\Application Data\SWF.max
2010-06-23 01:37 . 2010-06-23 00:57 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-06-22 05:12 . 2010-06-22 05:11 394087 ----a-w- c:\documents and settings\User\Application Data\OpenCandy\957B047A95DF43B1A993DAA16899EC6C\DBC_WrappedBING.exe
2010-06-22 05:11 . 2010-06-22 05:11 -------- d-----w- c:\documents and settings\User\Application Data\OpenCandy
2010-06-22 05:11 . 2010-06-22 05:11 257257 ----a-w- c:\documents and settings\User\Application Data\OpenCandy\OpenCandy_957B047A95DF43B1A993DAA16899EC6C\BINGDlmgr3.exe
2010-06-20 21:48 . 2010-05-02 20:39 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-17 00:03 . 2010-02-25 00:53 45 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-06-17 00:03 . 2010-02-25 00:55 87 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-06-16 19:55 . 2010-03-12 02:27 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2010-06-16 06:07 . 2010-05-01 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-16 06:06 . 2010-06-16 06:12 53632 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-15 16:31 . 2010-06-15 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-15 00:42 . 2010-06-15 00:42 -------- d-----w- c:\documents and settings\User\Application Data\SYSTEMAX Software Development
2010-06-15 00:42 . 2010-06-15 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2010-06-14 20:38 . 2010-06-14 20:38 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-06-14 14:31 . 2009-08-11 13:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 14:24 . 2010-06-14 14:24 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-09 21:00 . 2010-06-09 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 21:00 . 2010-06-09 21:00 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-08 18:41 . 2010-02-24 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-08 01:43 . 2010-06-08 01:43 84480 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-06-01 17:37 . 2010-02-24 20:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 18:49 . 2010-05-27 18:49 3771296 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ui\plugins\NPSWF32.dll
2010-05-27 18:49 . 2010-05-27 18:49 7506576 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\1VivoxVoice.exe
2010-05-27 18:49 . 2010-05-27 18:49 4792976 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\vivoxsdk.dll
2010-05-27 18:49 . 2010-05-27 18:49 330896 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\libsndfile-1.dll
2010-05-27 18:49 . 2010-05-27 18:49 275088 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\vivoxoal.dll
2010-05-27 18:49 . 2010-05-27 18:49 266384 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\npvivoxvoiceplugin.dll
2010-05-27 18:49 . 2010-05-27 18:49 246416 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ortp.dll
2010-05-27 18:49 . 2010-05-27 18:49 184832 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\ssleay32.dll
2010-05-27 18:49 . 2010-05-27 18:49 1034896 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\dbghelp.dll
2010-05-27 18:49 . 2010-05-27 18:49 1006080 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\libeay32.dll
2010-05-27 18:42 . 2010-05-27 18:42 271929 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\pixomatic.dll
2010-05-27 18:37 . 2010-05-27 18:37 49664 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\w9xpopen.exe
2010-05-27 18:37 . 2010-05-27 18:37 353280 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\pythoncom26.dll
2010-05-27 18:37 . 2010-05-27 18:37 2251264 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\python26.dll
2010-05-27 18:37 . 2010-05-27 18:37 110080 ----a-w- c:\documents and settings\User\Application Data\IMVUClient\pywintypes26.dll
2010-05-24 02:16 . 2010-05-24 02:16 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ced2bd0-n\msvcr71.dll
2010-05-24 02:16 . 2010-05-24 02:16 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ced2bd0-n\msvcp71.dll
2010-05-24 02:16 . 2010-05-24 02:16 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ced2bd0-n\jmc.dll
2010-05-24 02:16 . 2010-05-24 02:16 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-57eb9b11-n\decora-sse.dll
2010-05-24 02:16 . 2010-05-24 02:16 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-57eb9b11-n\decora-d3d.dll
2010-05-19 20:25 . 2010-05-19 20:25 37248 ----a-w- c:\windows\system32\drivers\ISAPNP.SYS
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-07-31_12.45.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-07 06:01 . 2010-08-07 06:01 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2010-08-07 06:01 . 2010-08-07 06:01 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat
- 2010-03-16 20:31 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-03-16 20:31 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2009-08-20 12:10 . 2010-08-07 05:53 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-20 12:10 . 2010-08-07 05:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-20 12:10 . 2010-07-31 12:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-02-24 16:06 . 2009-08-20 12:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-02-24 16:06 . 2010-08-07 04:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2009-08-20 12:10 . 2010-07-31 12:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-20 12:10 . 2010-08-07 05:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-04 00:08 . 2010-08-04 00:08 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
- 2010-06-09 20:11 . 2010-06-09 20:11 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
+ 2010-08-07 04:05 . 2010-08-07 04:05 7024 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat
+ 2010-08-07 05:48 . 2010-08-07 05:48 153376 c:\windows\system32\javaws.exe
- 2010-02-24 16:41 . 2010-02-24 16:40 153376 c:\windows\system32\javaws.exe
+ 2010-08-07 05:48 . 2010-08-07 05:48 145184 c:\windows\system32\javaw.exe
- 2010-02-24 16:41 . 2010-02-24 16:40 145184 c:\windows\system32\javaw.exe
+ 2010-08-07 05:48 . 2010-08-07 05:48 145184 c:\windows\system32\java.exe
- 2010-02-24 16:41 . 2010-02-24 16:40 145184 c:\windows\system32\java.exe
+ 2010-08-07 05:49 . 2010-08-07 05:49 180224 c:\windows\Installer\2bbfb6.msi
+ 2010-08-07 05:48 . 2010-08-07 05:48 676352 c:\windows\Installer\2bbfa8.msi
+ 2010-08-07 05:45 . 2010-08-07 05:45 533504 c:\windows\Installer\2bbd27.msi
- 2010-06-09 20:11 . 2010-06-09 20:11 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
+ 2010-08-04 00:08 . 2010-08-04 00:08 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
+ 2009-08-11 13:03 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2009-08-11 13:03 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-08-04 00:08 . 2010-08-04 00:08 1544192 c:\windows\Installer\63e8a8.msi
+ 2010-08-04 00:11 . 2010-08-04 00:11 3489792 c:\windows\assembly\GAC_MSIL\DevComponents.DotNetBar2\8.1.0.6__5fd520d36328f741\DevComponents.DotNetBar2.dll
- 2010-02-24 20:02 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-02-24 20:02 . 2010-07-02 16:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-30 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
c:\documents and settings\User\Start Menu\Programs\Startup\
IMVU.lnk - c:\documents and settings\User\Application Data\IMVUClient\IMVUQualityAgent.exe [2010-8-5 21760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-09-12 05:58 229952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\User\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56405:TCP"= 56405:TCP:Pando Media Booster
"56405:UDP"= 56405:UDP:Pando Media Booster
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2009 9:03 AM 14336]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 9:59 PM 49664]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 1:47 AM 39296]
S1 MpKsl21c9af91;MpKsl21c9af91;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{908E8C7F-C496-443F-9BA2-BFEA32695D1F}\MpKsl21c9af91.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{908E8C7F-C496-443F-9BA2-BFEA32695D1F}\MpKsl21c9af91.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 3:00 PM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [6/23/2010 11:00 PM 36480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/16/2010 4:06 PM 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 8:24 AM 1015424]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-08-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15438&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ij42qg7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://xinumarux.deviantart.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 02:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,96,23,d0,58,bf,e2,4a,9e,fb,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,96,23,d0,58,bf,e2,4a,9e,fb,8c,\
.
Completion time: 2010-08-07 02:17:45
ComboFix-quarantined-files.txt 2010-08-07 06:17
ComboFix2.txt 2010-07-31 12:53
Pre-Run: 39,495,651,328 bytes free
Post-Run: 40,096,116,736 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9E1AC2B84ED895589F441F4DF58DD3E8
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Looks ok. How are things now?
Inumaru 0 Newbie Poster
Perfect, Thanks you for your help!~
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Let's get rid of Combofix now that we are finished with it.
- Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.