This has been going on for about a week now with a friend of mine who uses AIM. Since last Thursday, I've been having trouble communicating with her through AIM or any other client I've tried in which I've used AIM to contact her, be it AOL Instant Messenger itself, Gaim/Pidgin, Trillian, Meebo, and the like, and I've attempted to contact said friend across several different screennames.
She hasn't blocked me, as I can clearly SEE her online, and she isn't just ignoring me as we can talk (albeit in limited capacity) on other clients or web apps. At one point, we figured it was something wrong with her computer, but once we eliminated that, we settled on the likelihood that it might be something wrong on my end. I traced these instances back to last Thursday, as I recalled that this was the day I installed another IM program, QQ, to my system and since then, I haven't been able to talk to her over AIM. Strangely, I can message just about everyone else on my list, but this one individual is just weird. I suspect that there may be some others to whom my IMs aren't reaching, but this person has been the most notable so far. Since then, I've removed QQ and deleted its registries, and have attempted to run several cleanups of my computer, as well as change the port and host through which AIM connects, but I've had no luck so far.
My friend really only uses AIM and Facebook IM (and that's broken beyond belief as is). She doesn't use any other clients, so I can't have her switch to those. I'm trying to do as much as possible short of reformatting my computer to try and fix what might have gone wrong. I couldn't even perform a system restore because by the time I'd realized what might have been the issue, system restore had already bumped out the restore point for last Thursday.
I performed the requested scans and this is what I got:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4807
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/13/2010 2:22:37 AM
mbam-log-2010-10-13 (02-22-37).txt
Scan type: Full scan (C:\|)
Objects scanned: 468046
Time elapsed: 1 hour(s), 49 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Ike Adibe at 2:56:08.70 on Wed 10/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.1775 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\ASWLSVC.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\SysWOW64\ASWL2K.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Ike Adibe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Users\Ike Adibe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Users\Ike Adibe\AppData\Local\Apps\2.0\16NHRL5D.LLJ\QB2AM79V.L29\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ike Adibe\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360110a235l0374z165t59k2x736
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Ike Adibe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spark] C:\Program Files (x86)\Spark\Spark.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Ike Adibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\IKEADI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ike Adibe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\IKEADI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
mRun-x64: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
================= FIREFOX ===================
FF - ProfilePath - C:\Users\IKEADI~1\AppData\Roaming\Mozilla\Firefox\Profiles\dnwssuy3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=09-05-2010&tb_mrud=09-05-2010
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=09-05-2010&tb_mrud=09-05-2010&query=
FF - component: C:\Users\Ike Adibe\AppData\Roaming\Mozilla\Firefox\Profiles\dnwssuy3.default\extensions\TwentyTenBuddy@ReduxTeam\components\dwmxpcom.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Ike Adibe\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ike Adibe\AppData\Roaming\Mozilla\Firefox\Profiles\dnwssuy3.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: C:\Users\Ike Adibe\AppData\Roaming\Mozilla\Firefox\Profiles\dnwssuy3.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-2-11 74880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-6 58880]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
============== File Associations ===============
txtfile=C:\Windows\notepad.exe %1
=============== Created Last 30 ================
2010-10-13 06:49:42 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\Adobe
2010-10-13 04:30:08 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\Malwarebytes
2010-10-13 04:29:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-13 04:29:40 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-13 04:29:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-13 04:29:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-13 02:12:10 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\Trillian
2010-10-12 23:12:08 -------- d-----w- C:\PROGRA~3\AIM
2010-10-12 23:12:03 -------- d-----w- C:\Program Files (x86)\AIM
2010-10-12 23:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2010-10-12 10:38:33 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{29CE0746-A4E2-4B0B-863E-E33B316E8FAF}\mpengine.dll
2010-10-12 03:16:59 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\GlarySoft
2010-10-12 03:04:50 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2010-10-10 23:31:59 -------- d-----w- C:\XMPPProject
2010-10-10 22:51:35 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\Eclipse
2010-10-10 22:51:24 -------- d-----w- C:\Rhyme
2010-10-10 21:02:54 -------- d-----w- C:\Users\Ike Adibe\.jmf
2010-10-10 20:34:04 -------- d-----w- C:\Openfire
2010-10-10 18:57:41 -------- d-----w- C:\Users\Ike Adibe\Spark
2010-10-10 18:53:33 -------- d-----w- C:\Program Files (x86)\Spark
2010-10-10 18:05:29 -------- d-----w- C:\Program Files (x86)\Openfire
2010-10-10 06:59:56 -------- d-----w- C:\Sun
2010-10-10 06:36:56 -------- d-----w- C:\eclipse
2010-10-10 00:47:14 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\Temporary Projects
2010-10-10 00:32:16 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-10 00:32:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-10 00:32:03 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-10 00:32:03 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-10 00:31:00 -------- d-----w- C:\Windows\System32\RsFx
2010-10-10 00:29:28 -------- d-----w- C:\Windows\SysWow64\1033
2010-10-10 00:29:28 -------- d-----w- C:\Windows\System32\1033
2010-10-10 00:26:52 -------- d-----w- C:\Program Files\Microsoft SQL Server
2010-10-10 00:24:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2010-10-10 00:24:17 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2010-10-10 00:24:17 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-10 00:24:11 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2010-10-10 00:23:58 205984 ----a-w- C:\PROGRA~3\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-10-10 00:20:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2010-10-10 00:19:21 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2010-10-10 00:19:21 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2010-10-09 23:51:20 -------- d-----w- C:\Program Files (x86)\BPL V1.1
2010-10-09 20:08:16 -------- d-----w- C:\Users\Ike Adibe\bluej
2010-10-09 20:07:06 -------- d-----w- C:\BlueJ
2010-10-09 17:55:10 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\geany
2010-10-09 17:50:57 -------- d-----w- C:\Program Files (x86)\Geany
2010-10-09 09:54:05 -------- d-----w- C:\Users\Ike Adibe\.netbeans
2010-10-09 09:53:49 -------- d-----w- C:\Users\Ike Adibe\.netbeans-registration
2010-10-09 09:51:30 -------- d-----w- C:\Program Files (x86)\glassfish-3.0.1
2010-10-09 09:37:00 -------- d-----w- C:\Program Files (x86)\NetBeans 6.9.1
2010-10-09 08:35:29 -------- d-----w- C:\Users\Ike Adibe\.nbi
2010-10-09 06:16:30 -------- d-----w- C:\Users\Ike Adibe\.idlerc
2010-10-09 06:06:37 -------- d-----w- C:\Python27
2010-10-07 04:11:05 106496 ----a-r- C:\Users\IKEADI~1\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2010-10-07 04:11:05 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2010-10-07 04:06:25 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2010-10-07 04:06:25 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\Tencent
2010-09-30 08:48:00 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\dantarion.com
2010-09-29 20:48:41 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\NetMedia Providers
2010-09-29 20:40:08 -------- d-----w- C:\Program Files (x86)\Sony
2010-09-29 20:38:31 -------- d-----w- C:\Program Files\Sony
2010-09-29 19:43:53 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\Sony
2010-09-29 18:45:12 -------- d-----w- C:\Program Files (x86)\Sony Setup
2010-09-29 04:33:47 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 04:33:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 04:15:53 -------- d-----w- C:\PROGRA~3\Viewpoint
2010-09-29 04:15:52 -------- d-----w- C:\Program Files (x86)\Viewpoint
2010-09-29 04:15:52 -------- d-----w- C:\Program Files (x86)\AOD
2010-09-28 23:51:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 23:51:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 23:50:43 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 23:50:43 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-20 15:56:05 -------- d-----w- C:\Users\IKEADI~1\AppData\Local\Thunderbird
2010-09-18 06:47:36 -------- d-----w- C:\Users\IKEADI~1\AppData\Roaming\RenPy
2010-09-15 04:19:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
==================== Find3M ====================
2010-10-10 22:39:46 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-09 17:55:53 1890 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2010-10-05 07:10:23 1682 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2010-08-24 16:09:54 88 --sh--r- C:\PROGRA~3\261FAC9FDC.sys
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
============= FINISH: 2:58:00.77 ===============
GMER didn't pull up any rootkits during its scan. I've also included Attach.txt in a zip file as requested from DDS.
I greatly appreciate any insight anyone may have on this matter! :)