11 replies to this topic

[randolphr]

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Randolph at 3:27:18 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.283 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Randolph\Application Data\mjusbsp\st00000\mjsetup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Randolph\Application Data\mjusbsp\magicJack.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {fe698a24-d038-4282-b540-4bfbac2d2ae6} - c:\windows\system32\AudDesign32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\randolph\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258017400906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258083680796
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{7E563539-5019-4530-94BC-C9E3FD5C9293} : DhcpNameServer = 68.87.69.150 68.87.85.102
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\randolph\application data\mozilla\firefox\profiles\m98uu5g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50505
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\randolph\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\randolph\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-16 13496]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-12 366640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-12 22712]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2009-12-16 110752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providercomcast\bin\tgsrvc.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-2-17 16512]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-14 25704]
.
=============== Created Last 30 ================
.
2011-08-02 10:26:57 607017 ------r- c:\program files\dds.scr
2011-08-02 09:50:24 50477 ----a-w- c:\program files\Defogger.exe
2011-08-02 09:21:32 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1e2d8d44-89ab-4b29-b378-2e12bc1c4f02}\mpengine.dll
2011-07-30 02:42:18 343040 ----a-w- c:\windows\system32\AudDesign32.dll
2011-07-28 07:32:20 3081376 ----a-w- c:\program files\install_flash_player.exe
2011-07-26 11:15:12 0 ---ha-w- c:\documents and settings\randolph\tklwnvwzsp.tmp
2011-07-23 13:28:08 -------- d-----w- c:\program files\InfraRecorder
2011-07-23 13:27:46 2526968 ----a-w- c:\program files\ir043_ansi.exe
2011-07-23 11:48:50 5514668 ----a-w- c:\program files\SetupImgBurn_2.5.5.0.exe
2011-07-21 23:35:43 -------- d-----w- c:\program files\iPod
2011-07-21 23:35:37 -------- d-----w- c:\program files\iTunes
2011-07-21 23:30:31 -------- d-----w- c:\program files\Bonjour
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
==================== Find3M ====================
.
2011-07-28 08:44:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 21:24:51 23126064 ----a-w- c:\program files\avc-free.exe
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 12:21:12 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2011-06-29 00:01:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-19 04:13:31 3331742 ----a-w- c:\program files\streamtransport_setup.exe
2011-06-11 14:15:07 1402880 ----a-w- c:\program files\HijackThis.msi
2011-06-04 04:15:32 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 15:09:36 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2011-05-31 15:06:22 25685128 ----a-w- c:\program files\wordview_en-us.exe
2011-05-30 08:38:20 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-30 08:38:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-30 08:36:00 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 18:36:36 51 ----a-w- c:\windows\SW_Win9423X24.DLL
2011-05-22 01:30:51 16215744 ----a-w- c:\program files\Dropbox 1.1.34.exe
2011-05-20 04:56:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-20 04:56:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-15 11:09:43 2599696 ----a-w- c:\program files\setup.exe
2011-05-04 03:14:46 565893 ----a-w- c:\program files\PerfectScreenRulerSetup.exe
2011-05-04 03:11:39 907264 ----a-w- c:\program files\cruler2.exe
2011-04-26 01:20:31 20240744 ----a-w- c:\program files\gimp-2.6.11-i686-setup.exe
2011-04-24 08:46:27 33789712 ----a-w- c:\program files\93.81_forceware_winxp2k_english.exe
2011-04-23 21:53:06 870464 ----a-w- c:\program files\Font_Xplorer_122_Free.exe
2011-04-16 10:06:16 4349192 ----a-w- c:\program files\DefragSetup.exe
2011-04-12 19:32:07 4770672 ----a-w- c:\program files\BitTorrent-7.2.1.exe
2011-04-10 01:44:29 13719264 ----a-w- c:\program files\aTube_Catcher.exe
2011-04-04 00:55:19 772904 ----a-w- c:\program files\Mats_Run.winfilefolder.exe
2011-03-31 04:04:40 11978408 ----a-w- c:\program files\winamp561_full_emusic-7plus_en-us.exe
2011-03-22 20:25:59 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe
2011-03-21 14:58:26 3436936 ----a-w- c:\program files\sd2setup.exe
2011-02-20 01:17:09 292184 ----a-w- c:\program files\dxwebsetup.exe
2011-02-06 18:40:54 883488 ----a-w- c:\program files\JavaSetup6u23.exe
2010-12-27 01:31:39 20739420 ----a-w- c:\program files\imedia-converter-win_full669.exe
2010-12-23 12:14:23 59325912 ----a-w- c:\program files\avira_antivir_personal_en(1).exe
2010-12-19 02:22:51 4734152 ----a-w- c:\program files\CITP.EXE
2010-12-09 21:22:03 31261760 ----a-w- c:\program files\GraboidVideoSetup-1.73-complete.exe
2010-12-09 21:06:23 36507944 ----a-w- c:\program files\GraboidVideoSetup-2.01a-Complete.exe
2010-12-09 08:54:50 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe
2010-12-02 16:44:51 5489976 ----a-w- c:\program files\fey-converter-setup.exe
2010-12-02 16:32:28 2546984 ----a-w- c:\program files\megamind-converter-setup.exe
2010-11-30 07:03:02 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-11-24 09:48:06 907010 ----a-w- c:\program files\vidmex.exe
2010-11-23 04:45:31 1391616 ----a-w- c:\program files\iview427_setup.exe
2010-11-13 15:59:20 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-11-01 20:44:29 407240 ----a-w- c:\program files\nwc1upd_1754_175c.exe
2010-10-15 18:51:08 6274424 ----a-w- c:\program files\Silverlight.exe
2010-09-17 02:14:24 554256 ----a-w- c:\program files\Mats_Run.dvd.exe
2010-09-01 11:08:57 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-08-31 12:21:27 43594664 ----a-w- c:\program files\DivXInstaller.exe
2010-07-24 06:54:10 11285608 ----a-w- c:\program files\winamp5581_full_emusic-7plus_en-us.exe
2010-06-02 08:05:13 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-05-22 09:11:53 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe
2010-05-18 07:06:44 368112 ----a-w- c:\program files\X16-69453_DLM.exe
2010-05-17 06:23:49 3170832 ----a-w- c:\program files\YouTubeDownloaderSetup255.exe
2010-05-07 03:43:14 833003 ----a-w- c:\program files\youtubesetup.exe
2010-04-23 01:49:44 142981 ----a-w- c:\program files\VTUploader2.0Setup.exe
2010-04-05 03:27:27 783515 ----a-w- c:\program files\AltarsoftVideoCapture.exe
2010-04-02 06:15:23 10327518 ----a-w- c:\program files\avidemux_2.5.2_win32.exe
2010-03-26 02:42:42 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe
2010-03-24 04:24:01 916858 ----a-w- c:\program files\simpopdf2text.exe
2010-03-22 21:30:04 3315704 ----a-w- c:\program files\YouSendItExpressSetup2_5_0.exe
2010-03-12 02:14:11 609746 ----a-w- c:\program files\121495_ENU_ia64_zip.exe
2010-03-09 00:03:46 24902766 ----a-w- c:\program files\K-Lite_Codec_Pack_570_Mega.exe
2010-03-08 23:54:08 818200 ----a-w- c:\program files\RealPlayerSPGold.exe
2010-03-08 23:21:02 1486161 ----a-w- c:\program files\tralih250164.exe
2010-03-07 19:59:36 647728 ----a-w- c:\program files\R92578.EXE
2010-03-03 22:55:05 1288264 ----a-w- c:\program files\Setup117_uk.exe
2010-02-22 07:50:01 741331 ----a-w- c:\program files\End Task 1.0 setup.exe
2010-02-19 05:45:45 12417842 ----a-w- c:\program files\klcodec520f.exe
2010-02-19 05:43:19 8666733 ----a-w- c:\program files\vdm_free.exe
2010-02-12 03:59:51 939956 ----a-w- c:\program files\7z465.exe
2010-02-08 06:44:36 10798496 ----a-w- c:\program files\winamp5572_full_emusic-7plus_en-us.exe
2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe
2010-01-15 02:14:44 289584 ----a-w- c:\program files\utorrent.exe
2010-01-14 23:36:24 769120 ----a-w- c:\program files\avira_antivir_premium.exe
2010-01-12 18:23:39 6767744 ----a-w- c:\program files\Comcast Assisted Support Controls Setup.exe
2010-01-06 06:33:09 18234256 ----a-w- c:\program files\gimp-2.6.8-i686-setup.exe
2009-12-20 00:23:50 2549024 ----a-w- c:\program files\eac-0.99pb5.exe
2009-12-18 19:24:34 2125249 ----a-w- c:\program files\burrrn_package.exe
2009-12-16 23:32:07 2069319 ----a-w- c:\program files\ecdc_v402_dlx.exe
2009-12-16 23:23:29 623920 ----a-w- c:\program files\LADSPA_plugins-win-0.4.15.exe
2009-12-16 23:21:17 10898354 ----a-w- c:\program files\audacity-win-unicode-1.3.10.exe
2009-11-24 03:23:22 6973056 ----a-w- c:\program files\antispyware.exe
2009-11-14 13:56:27 13042504 ----a-w- c:\program files\WMEncoder64.exe
2009-11-14 13:50:34 9918872 ----a-w- c:\program files\WMEncoder.exe
2009-11-14 12:43:11 7405568 ----a-w- c:\program files\xVST_2_3-static.msi
2009-11-14 12:32:39 18539090 ----a-w- c:\program files\agree-free-avi-mpeg-mov-mp4-converter.exe
2009-11-14 11:31:40 10044064 ----a-w- c:\program files\cinemaforge.exe
2009-11-13 21:14:36 17259504 ----a-w- c:\program files\IE8-Setup-Full.exe
2009-11-13 06:33:56 1374154 ----a-w- c:\program files\wrar390.exe
2009-11-13 03:57:13 339257 ----a-w- c:\program files\CleanUp452.exe
2009-11-12 11:54:49 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe
2009-11-12 11:52:15 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-11-12 11:50:44 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
2009-11-12 11:48:01 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-11-12 11:43:53 4045528 ----a-w- c:\program files\mbam-setup.exe
2006-12-02 17:26:02 2572288 ----a-w- c:\program files\DCEz.exe
.
============= FINISH: 3:29:42.98 ===============

Attached Files

•  ark.zip   1.35K   16 downloads
•  attach.zip   5.17K   10 downloads

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[randolphr]

02:13:28 Randolph IP-BLOCK 125.65.112.212 (Type: incoming)
02:57:17 Randolph MESSAGE Scheduled update executed successfully
02:57:18 Randolph MESSAGE IP Protection stopped
02:58:21 Randolph MESSAGE Database updated successfully
02:58:36 Randolph MESSAGE IP Protection started successfully
09:13:18 Randolph MESSAGE IP Protection stopped
09:17:03 Randolph MESSAGE Database updated successfully
09:17:29 Randolph MESSAGE IP Protection started successfully
14:11:27 (null) MESSAGE Protection started successfully
14:19:50 Randolph MESSAGE IP Protection started successfully
14:23:33 (null) IP-BLOCK 58.218.199.250 (Type: incoming)
14:28:56 Randolph MESSAGE Protection started successfully
14:30:59 Randolph MESSAGE IP Protection started successfully
14:33:29 Randolph IP-BLOCK 58.218.199.227 (Type: incoming)
14:33:29 Randolph IP-BLOCK 58.218.199.227 (Type: incoming)
14:33:41 Randolph IP-BLOCK 221.192.199.49 (Type: incoming)
14:33:41 Randolph IP-BLOCK 221.192.199.49 (Type: incoming)

[randolphr]

Hi screen317, thank you for helping me out with. I very much appreciate your expertise.
Here is my ComboFix text & my new DDS log.


ComboFix 11-08-03.03 - Randolph 08/03/2011 15:06:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.427 [GMT -7:00]
Running from: c:\program files\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}\install.rdf
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}\chrome.manifest
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}\chrome\xulcache.jar
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}\defaults\preferences\xulcache.js
c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}\install.rdf
c:\documents and settings\Randolph\tklwnvwzsp.tmp
c:\documents and settings\Randolph\WINDOWS
c:\program files\121495_ENU_ia64_zip.exe
c:\program files\messenger\msmsgsin.exe
c:\program files\Setup.exe
c:\windows\SW_Win9423X24.DLL
c:\windows\system32\_003544_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 21:54 . 2011-08-03 21:57 4163573 ------r- c:\program files\ComboFix.exe
2011-08-02 10:30 . 2011-08-02 10:31 302592 ----a-w- c:\program files\4nt2yvuo.exe
2011-08-02 10:26 . 2011-08-02 10:27 607017 ------r- c:\program files\dds.scr
2011-08-02 09:50 . 2011-08-02 09:50 50477 ----a-w- c:\program files\Defogger.exe
2011-08-02 09:21 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1E2D8D44-89AB-4B29-B378-2E12BC1C4F02}\mpengine.dll
2011-07-28 07:32 . 2011-07-28 07:32 3081376 ----a-w- c:\program files\install_flash_player.exe
2011-07-23 13:28 . 2011-07-23 13:30 -------- d-----w- c:\program files\InfraRecorder
2011-07-23 13:27 . 2011-07-23 13:27 2526968 ----a-w- c:\program files\ir043_ansi.exe
2011-07-23 11:55 . 2011-07-23 11:55 -------- d-----w- c:\documents and settings\Randolph\Application Data\ImgBurn
2011-07-23 11:49 . 2011-07-23 11:49 -------- d-----w- c:\program files\ImgBurn
2011-07-23 11:48 . 2011-07-23 11:48 5514668 ----a-w- c:\program files\SetupImgBurn_2.5.5.0.exe
2011-07-21 23:35 . 2011-07-21 23:35 -------- d-----w- c:\program files\iPod
2011-07-21 23:35 . 2011-07-21 23:36 -------- d-----w- c:\program files\iTunes
2011-07-21 23:30 . 2011-07-21 23:30 -------- d-----w- c:\program files\Bonjour
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-28 08:44 . 2011-05-20 04:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2009-11-12 13:47 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-07 21:24 . 2009-11-14 08:56 23126064 ----a-w- c:\program files\avc-free.exe
2011-07-07 02:52 . 2009-11-12 11:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2009-11-12 11:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 12:21 . 2009-11-12 09:13 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2011-06-29 00:01 . 2010-02-13 08:23 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-29 00:01 . 2009-11-12 12:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-19 04:13 . 2010-04-23 01:47 3331742 ----a-w- c:\program files\streamtransport_setup.exe
2011-06-11 14:15 . 2011-06-11 14:15 388096 ----a-r- c:\documents and settings\Randolph\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 14:15 . 2011-06-11 14:15 1402880 ----a-w- c:\program files\HijackThis.msi
2011-06-04 04:15 . 2010-02-13 08:16 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-02 14:02 . 2002-09-03 17:11 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 15:09 . 2011-05-31 15:09 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2011-05-31 15:06 . 2011-05-31 15:06 25685128 ----a-w- c:\program files\wordview_en-us.exe
2011-05-25 02:14 . 2009-11-12 13:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 01:30 . 2011-05-22 01:30 16215744 ----a-w- c:\program files\Dropbox 1.1.34.exe
2011-05-20 04:56 . 2010-06-29 02:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-20 04:56 . 2010-06-29 02:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-04 03:14 . 2011-05-04 03:14 565893 ----a-w- c:\program files\PerfectScreenRulerSetup.exe
2011-05-04 03:11 . 2011-05-04 03:11 907264 ----a-w- c:\program files\cruler2.exe
2011-04-24 08:46 . 2011-04-24 08:46 33789712 ----a-w- c:\program files\93.81_forceware_winxp2k_english.exe
2011-04-23 21:53 . 2011-04-23 21:53 870464 ----a-w- c:\program files\Font_Xplorer_122_Free.exe
2011-04-16 10:06 . 2009-12-25 03:37 4349192 ----a-w- c:\program files\DefragSetup.exe
2011-04-12 19:32 . 2011-04-12 19:31 4770672 ----a-w- c:\program files\BitTorrent-7.2.1.exe
2011-04-10 01:44 . 2011-04-10 01:43 13719264 ----a-w- c:\program files\aTube_Catcher.exe
2011-04-04 00:55 . 2011-04-04 00:55 772904 ----a-w- c:\program files\Mats_Run.winfilefolder.exe
2011-03-31 04:04 . 2011-03-31 04:04 11978408 ----a-w- c:\program files\winamp561_full_emusic-7plus_en-us.exe
2011-03-22 20:25 . 2011-03-22 20:25 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe
2011-03-21 14:58 . 2011-03-21 14:58 3436936 ----a-w- c:\program files\sd2setup.exe
2011-02-20 01:17 . 2011-02-20 01:17 292184 ----a-w- c:\program files\dxwebsetup.exe
2011-02-06 18:40 . 2011-02-06 18:40 883488 ----a-w- c:\program files\JavaSetup6u23.exe
2010-12-27 01:31 . 2010-12-27 01:30 20739420 ----a-w- c:\program files\imedia-converter-win_full669.exe
2010-12-23 12:14 . 2011-01-12 18:48 59325912 ----a-w- c:\program files\avira_antivir_personal_en(1).exe
2010-12-19 02:22 . 2010-12-19 02:22 4734152 ----a-w- c:\program files\CITP.EXE
2010-12-09 21:22 . 2010-12-09 19:06 31261760 ----a-w- c:\program files\GraboidVideoSetup-1.73-complete.exe
2010-12-09 21:06 . 2010-12-09 21:06 36507944 ----a-w- c:\program files\GraboidVideoSetup-2.01a-Complete.exe
2010-12-09 08:54 . 2011-01-02 04:44 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe
2010-12-02 16:44 . 2010-12-02 16:44 5489976 ----a-w- c:\program files\fey-converter-setup.exe
2010-12-02 16:32 . 2010-12-02 16:32 2546984 ----a-w- c:\program files\megamind-converter-setup.exe
2010-11-30 07:03 . 2010-10-08 05:23 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-11-24 09:48 . 2010-11-24 09:47 907010 ----a-w- c:\program files\vidmex.exe
2010-11-23 04:45 . 2010-11-23 04:45 1391616 ----a-w- c:\program files\iview427_setup.exe
2010-11-13 15:59 . 2011-01-04 09:18 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-11-01 20:44 . 2010-11-01 20:42 407240 ----a-w- c:\program files\nwc1upd_1754_175c.exe
2010-10-15 18:51 . 2010-10-15 18:50 6274424 ----a-w- c:\program files\Silverlight.exe
2010-09-17 02:14 . 2010-09-17 02:14 554256 ----a-w- c:\program files\Mats_Run.dvd.exe
2010-09-01 11:08 . 2010-09-01 11:08 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-08-31 12:21 . 2009-11-13 08:07 43594664 ----a-w- c:\program files\DivXInstaller.exe
2010-07-24 06:54 . 2010-07-24 06:54 11285608 ----a-w- c:\program files\winamp5581_full_emusic-7plus_en-us.exe
2010-06-02 08:05 . 2010-06-02 08:05 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-05-22 09:11 . 2010-05-22 09:11 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe
2010-05-18 07:06 . 2010-05-18 07:06 368112 ----a-w- c:\program files\X16-69453_DLM.exe
2010-05-17 06:23 . 2010-05-17 06:23 3170832 ----a-w- c:\program files\YouTubeDownloaderSetup255.exe
2010-05-07 03:43 . 2010-03-26 03:20 833003 ----a-w- c:\program files\youtubesetup.exe
2010-04-23 01:49 . 2010-04-23 01:49 142981 ----a-w- c:\program files\VTUploader2.0Setup.exe
2010-04-05 03:27 . 2010-04-05 03:27 783515 ----a-w- c:\program files\AltarsoftVideoCapture.exe
2010-04-02 06:15 . 2010-04-02 06:13 10327518 ----a-w- c:\program files\avidemux_2.5.2_win32.exe
2010-03-26 02:42 . 2010-03-26 02:42 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe
2010-03-24 04:24 . 2010-03-24 04:23 916858 ----a-w- c:\program files\simpopdf2text.exe
2010-03-22 21:30 . 2010-03-22 21:29 3315704 ----a-w- c:\program files\YouSendItExpressSetup2_5_0.exe
2010-03-09 00:03 . 2010-03-09 00:03 24902766 ----a-w- c:\program files\K-Lite_Codec_Pack_570_Mega.exe
2010-03-08 23:54 . 2009-11-15 09:04 818200 ----a-w- c:\program files\RealPlayerSPGold.exe
2010-03-08 23:21 . 2010-03-08 23:20 1486161 ----a-w- c:\program files\tralih250164.exe
2010-03-07 19:59 . 2010-03-07 19:58 647728 ----a-w- c:\program files\R92578.EXE
2010-03-03 22:55 . 2010-03-03 22:55 1288264 ----a-w- c:\program files\Setup117_uk.exe
2010-02-22 07:50 . 2010-02-22 07:49 741331 ----a-w- c:\program files\End Task 1.0 setup.exe
2010-02-19 05:45 . 2010-02-19 05:45 12417842 ----a-w- c:\program files\klcodec520f.exe
2010-02-19 05:43 . 2010-02-19 05:43 8666733 ----a-w- c:\program files\vdm_free.exe
2010-02-12 03:59 . 2010-02-12 03:59 939956 ----a-w- c:\program files\7z465.exe
2010-02-08 06:44 . 2010-02-08 06:44 10798496 ----a-w- c:\program files\winamp5572_full_emusic-7plus_en-us.exe
2010-01-26 18:11 . 2010-12-05 14:14 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2010-01-15 02:14 . 2009-11-13 08:09 289584 ----a-w- c:\program files\utorrent.exe
2010-01-14 23:36 . 2010-01-14 23:35 769120 ----a-w- c:\program files\avira_antivir_premium.exe
2010-01-12 18:23 . 2010-01-12 18:23 6767744 ----a-w- c:\program files\Comcast Assisted Support Controls Setup.exe
2009-12-20 00:23 . 2009-12-20 00:23 2549024 ----a-w- c:\program files\eac-0.99pb5.exe
2009-12-18 19:24 . 2009-12-18 19:24 2125249 ----a-w- c:\program files\burrrn_package.exe
2009-12-16 23:32 . 2009-12-16 23:31 2069319 ----a-w- c:\program files\ecdc_v402_dlx.exe
2009-12-16 23:23 . 2009-12-16 23:22 623920 ----a-w- c:\program files\LADSPA_plugins-win-0.4.15.exe
2009-12-16 23:21 . 2009-12-16 23:20 10898354 ----a-w- c:\program files\audacity-win-unicode-1.3.10.exe
2009-11-24 03:23 . 2009-11-24 03:22 6973056 ----a-w- c:\program files\antispyware.exe
2009-11-14 13:56 . 2009-11-14 13:50 13042504 ----a-w- c:\program files\WMEncoder64.exe
2009-11-14 13:50 . 2009-11-14 13:50 9918872 ----a-w- c:\program files\WMEncoder.exe
2009-11-14 12:43 . 2009-11-14 12:42 7405568 ----a-w- c:\program files\xVST_2_3-static.msi
2009-11-14 12:32 . 2009-11-14 12:32 18539090 ----a-w- c:\program files\agree-free-avi-mpeg-mov-mp4-converter.exe
2009-11-14 11:31 . 2009-11-14 11:30 10044064 ----a-w- c:\program files\cinemaforge.exe
2009-11-13 21:14 . 2009-11-13 21:14 17259504 ----a-w- c:\program files\IE8-Setup-Full.exe
2009-11-13 06:33 . 2009-11-13 06:33 1374154 ----a-w- c:\program files\wrar390.exe
2009-11-13 03:57 . 2009-11-13 03:57 339257 ----a-w- c:\program files\CleanUp452.exe
2009-11-12 11:54 . 2009-11-12 11:54 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe
2009-11-12 11:52 . 2009-11-12 11:52 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-11-12 11:50 . 2009-11-12 11:50 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
2009-11-12 11:48 . 2009-11-12 11:47 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-11-12 11:43 . 2009-11-12 11:43 4045528 ----a-w- c:\program files\mbam-setup.exe
2006-12-02 17:26 . 2006-12-02 17:26 2572288 ----a-w- c:\program files\DCEz.exe
2006-10-01 18:00 . 2006-10-01 18:00 155648 ----a-w- c:\program files\DCAux2.dll
2006-09-14 11:39 . 2006-09-14 11:39 658944 ----a-w- c:\program files\WININET.dll
2006-07-12 16:01 . 2006-07-12 16:01 5732096 ----a-w- c:\program files\wmfdist95.exe
2005-10-16 17:22 . 2005-10-16 17:22 27136 ----a-w- c:\program files\AkRipDLL.dll
2003-07-09 00:46 . 2003-07-09 00:46 1718576 ----a-w- c:\program files\gdiplus.dll
2011-03-18 17:53 . 2011-03-22 20:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Randolph\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Randolph\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Randolph\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Randolph\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"cdloader"="c:\documents and settings\Randolph\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-20 273544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-16 21:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Randolph\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Randolph\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Randolph\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/16/2011 3:06 AM 13496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/13/2010 1:23 AM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/12/2009 4:44 AM 366640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 7:09 PM 50704]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/12/2009 4:44 AM 22712]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [12/16/2009 4:44 PM 110752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 9:51 PM 135664]
S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providerComcast\bin\tgsrvc.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/17/2010 10:16 PM 16512]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 9:51 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/12/2009 4:44 AM 41272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 10:05 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/14/2009 1:56 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/14/2009 2:02 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/14/2009 2:02 AM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/14/2009 2:02 AM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/14/2009 2:02 AM 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
.
2010-03-23 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4261532366.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:51]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:51]
.
2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-776561741-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-776561741-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-08-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 02:17]
.
2011-08-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-21 00:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
FF - ProfilePath - c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50505
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2011-08-03 15:48:02
ComboFix-quarantined-files.txt 2011-08-03 22:47
.
Pre-Run: 60,444,332,032 bytes free
Post-Run: 60,804,743,168 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - E441D118B01AB6BCAE72A1FC0EACF05B





.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Randolph at 16:11:41 on 2011-08-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.342 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\randolph\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258017400906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258083680796
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{7E563539-5019-4530-94BC-C9E3FD5C9293} : DhcpNameServer = 68.87.69.150 68.87.85.102
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\randolph\application data\mozilla\firefox\profiles\m98uu5g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50505
FF - prefs.js: network.proxy.type - 1
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-16 13496]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-12 366640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-12 22712]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2009-12-16 110752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providercomcast\bin\tgsrvc.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-2-17 16512]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-12 41272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-14 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-14 25704]
.
=============== Created Last 30 ================
.
2011-08-03 22:01:47 -------- d-sha-r- C:\cmdcons
2011-08-03 21:58:43 98816 ----a-w- c:\windows\sed.exe
2011-08-03 21:58:43 518144 ----a-w- c:\windows\SWREG.exe
2011-08-03 21:58:43 256000 ----a-w- c:\windows\PEV.exe
2011-08-03 21:58:43 208896 ----a-w- c:\windows\MBR.exe
2011-08-03 21:54:13 4163573 ------r- c:\program files\ComboFix.exe
2011-08-02 10:30:58 302592 ----a-w- c:\program files\4nt2yvuo.exe
2011-08-02 10:26:57 607017 ------r- c:\program files\dds.scr
2011-08-02 09:50:24 50477 ----a-w- c:\program files\Defogger.exe
2011-08-02 09:21:32 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1e2d8d44-89ab-4b29-b378-2e12bc1c4f02}\mpengine.dll
2011-07-28 07:32:20 3081376 ----a-w- c:\program files\install_flash_player.exe
2011-07-23 13:28:08 -------- d-----w- c:\program files\InfraRecorder
2011-07-23 13:27:46 2526968 ----a-w- c:\program files\ir043_ansi.exe
2011-07-23 11:48:50 5514668 ----a-w- c:\program files\SetupImgBurn_2.5.5.0.exe
2011-07-21 23:35:43 -------- d-----w- c:\program files\iPod
2011-07-21 23:35:37 -------- d-----w- c:\program files\iTunes
2011-07-21 23:30:31 -------- d-----w- c:\program files\Bonjour
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
==================== Find3M ====================
.
2011-07-28 08:44:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 21:24:51 23126064 ----a-w- c:\program files\avc-free.exe
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 12:21:12 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2011-06-29 00:01:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-19 04:13:31 3331742 ----a-w- c:\program files\streamtransport_setup.exe
2011-06-11 14:15:07 1402880 ----a-w- c:\program files\HijackThis.msi
2011-06-04 04:15:32 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 15:09:36 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2011-05-31 15:06:22 25685128 ----a-w- c:\program files\wordview_en-us.exe
2011-05-30 08:38:20 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-30 08:38:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-30 08:36:00 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 01:30:51 16215744 ----a-w- c:\program files\Dropbox 1.1.34.exe
2011-05-20 04:56:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-20 04:56:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-04 03:14:46 565893 ----a-w- c:\program files\PerfectScreenRulerSetup.exe
2011-05-04 03:11:39 907264 ----a-w- c:\program files\cruler2.exe
2011-04-24 08:46:27 33789712 ----a-w- c:\program files\93.81_forceware_winxp2k_english.exe
2011-04-23 21:53:06 870464 ----a-w- c:\program files\Font_Xplorer_122_Free.exe
2011-04-16 10:06:16 4349192 ----a-w- c:\program files\DefragSetup.exe
2011-04-12 19:32:07 4770672 ----a-w- c:\program files\BitTorrent-7.2.1.exe
2011-04-10 01:44:29 13719264 ----a-w- c:\program files\aTube_Catcher.exe
2011-04-04 00:55:19 772904 ----a-w- c:\program files\Mats_Run.winfilefolder.exe
2011-03-31 04:04:40 11978408 ----a-w- c:\program files\winamp561_full_emusic-7plus_en-us.exe
2011-03-22 20:25:59 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe
2011-03-21 14:58:26 3436936 ----a-w- c:\program files\sd2setup.exe
2011-02-20 01:17:09 292184 ----a-w- c:\program files\dxwebsetup.exe
2011-02-06 18:40:54 883488 ----a-w- c:\program files\JavaSetup6u23.exe
2010-12-27 01:31:39 20739420 ----a-w- c:\program files\imedia-converter-win_full669.exe
2010-12-23 12:14:23 59325912 ----a-w- c:\program files\avira_antivir_personal_en(1).exe
2010-12-19 02:22:51 4734152 ----a-w- c:\program files\CITP.EXE
2010-12-09 21:22:03 31261760 ----a-w- c:\program files\GraboidVideoSetup-1.73-complete.exe
2010-12-09 21:06:23 36507944 ----a-w- c:\program files\GraboidVideoSetup-2.01a-Complete.exe
2010-12-09 08:54:50 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe
2010-12-02 16:44:51 5489976 ----a-w- c:\program files\fey-converter-setup.exe
2010-12-02 16:32:28 2546984 ----a-w- c:\program files\megamind-converter-setup.exe
2010-11-30 07:03:02 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-11-24 09:48:06 907010 ----a-w- c:\program files\vidmex.exe
2010-11-23 04:45:31 1391616 ----a-w- c:\program files\iview427_setup.exe
2010-11-13 15:59:20 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-11-01 20:44:29 407240 ----a-w- c:\program files\nwc1upd_1754_175c.exe
2010-10-15 18:51:08 6274424 ----a-w- c:\program files\Silverlight.exe
2010-09-17 02:14:24 554256 ----a-w- c:\program files\Mats_Run.dvd.exe
2010-09-01 11:08:57 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-08-31 12:21:27 43594664 ----a-w- c:\program files\DivXInstaller.exe
2010-07-24 06:54:10 11285608 ----a-w- c:\program files\winamp5581_full_emusic-7plus_en-us.exe
2010-06-02 08:05:13 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-05-22 09:11:53 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe
2010-05-18 07:06:44 368112 ----a-w- c:\program files\X16-69453_DLM.exe
2010-05-17 06:23:49 3170832 ----a-w- c:\program files\YouTubeDownloaderSetup255.exe
2010-05-07 03:43:14 833003 ----a-w- c:\program files\youtubesetup.exe
2010-04-23 01:49:44 142981 ----a-w- c:\program files\VTUploader2.0Setup.exe
2010-04-05 03:27:27 783515 ----a-w- c:\program files\AltarsoftVideoCapture.exe
2010-04-02 06:15:23 10327518 ----a-w- c:\program files\avidemux_2.5.2_win32.exe
2010-03-26 02:42:42 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe
2010-03-24 04:24:01 916858 ----a-w- c:\program files\simpopdf2text.exe
2010-03-22 21:30:04 3315704 ----a-w- c:\program files\YouSendItExpressSetup2_5_0.exe
2010-03-09 00:03:46 24902766 ----a-w- c:\program files\K-Lite_Codec_Pack_570_Mega.exe
2010-03-08 23:54:08 818200 ----a-w- c:\program files\RealPlayerSPGold.exe
2010-03-08 23:21:02 1486161 ----a-w- c:\program files\tralih250164.exe
2010-03-07 19:59:36 647728 ----a-w- c:\program files\R92578.EXE
2010-03-03 22:55:05 1288264 ----a-w- c:\program files\Setup117_uk.exe
2010-02-22 07:50:01 741331 ----a-w- c:\program files\End Task 1.0 setup.exe
2010-02-19 05:45:45 12417842 ----a-w- c:\program files\klcodec520f.exe
2010-02-19 05:43:19 8666733 ----a-w- c:\program files\vdm_free.exe
2010-02-12 03:59:51 939956 ----a-w- c:\program files\7z465.exe
2010-02-08 06:44:36 10798496 ----a-w- c:\program files\winamp5572_full_emusic-7plus_en-us.exe
2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe
2010-01-15 02:14:44 289584 ----a-w- c:\program files\utorrent.exe
2010-01-14 23:36:24 769120 ----a-w- c:\program files\avira_antivir_premium.exe
2010-01-12 18:23:39 6767744 ----a-w- c:\program files\Comcast Assisted Support Controls Setup.exe
2009-12-20 00:23:50 2549024 ----a-w- c:\program files\eac-0.99pb5.exe
2009-12-18 19:24:34 2125249 ----a-w- c:\program files\burrrn_package.exe
2009-12-16 23:32:07 2069319 ----a-w- c:\program files\ecdc_v402_dlx.exe
2009-12-16 23:23:29 623920 ----a-w- c:\program files\LADSPA_plugins-win-0.4.15.exe
2009-12-16 23:21:17 10898354 ----a-w- c:\program files\audacity-win-unicode-1.3.10.exe
2009-11-24 03:23:22 6973056 ----a-w- c:\program files\antispyware.exe
2009-11-14 13:56:27 13042504 ----a-w- c:\program files\WMEncoder64.exe
2009-11-14 13:50:34 9918872 ----a-w- c:\program files\WMEncoder.exe
2009-11-14 12:43:11 7405568 ----a-w- c:\program files\xVST_2_3-static.msi
2009-11-14 12:32:39 18539090 ----a-w- c:\program files\agree-free-avi-mpeg-mov-mp4-converter.exe
2009-11-14 11:31:40 10044064 ----a-w- c:\program files\cinemaforge.exe
2009-11-13 21:14:36 17259504 ----a-w- c:\program files\IE8-Setup-Full.exe
2009-11-13 06:33:56 1374154 ----a-w- c:\program files\wrar390.exe
2009-11-13 03:57:13 339257 ----a-w- c:\program files\CleanUp452.exe
2009-11-12 11:54:49 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe
2009-11-12 11:52:15 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-11-12 11:50:44 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
2009-11-12 11:48:01 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-11-12 11:43:53 4045528 ----a-w- c:\program files\mbam-setup.exe
2006-12-02 17:26:02 2572288 ----a-w- c:\program files\DCEz.exe
2006-10-01 18:00:32 155648 ----a-w- c:\program files\DCAux2.dll
2006-09-14 11:39:56 658944 ----a-w- c:\program files\WININET.dll
2006-07-12 16:01:04 5732096 ----a-w- c:\program files\wmfdist95.exe
2005-10-16 17:22:06 27136 ----a-w- c:\program files\AkRipDLL.dll
2003-07-09 00:46:50 1718576 ----a-w- c:\program files\gdiplus.dll
.
============= FINISH: 16:15:34.85 ===============

[screen317]

Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

[randolphr]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c3c8021022e2dc47adf4d1130cf85839
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-06 10:03:22
# local_time=2011-08-06 03:03:22 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3883092 3883092 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 94 0 77969411 46729 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=129695
# found=29
# cleaned=29
# scan_time=18591
C:\Program Files\eac-0.99pb5.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{01c6f898-b7d5-4538-a0eb-79dcef9b6808}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{0eaa6927-3e0f-48bd-8620-6c494ed5867e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{2ab85742-1be7-45f7-ba5d-e68c8433cbc1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5d0cb010-3d28-4214-8cab-d382f8b9809e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{5e5588c2-bd55-4f28-883c-313af9983a4d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{6d904bd4-0609-4a20-aed4-8af927d7f2c1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{821f432c-e61f-42ed-8fab-13aa29c2c9b9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{b8ee1795-b06b-4f45-91fd-e8b3cbd02000}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{c818c8ae-d1c2-4c9b-906e-567520e0745d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{dae608cf-93bd-43b5-b6b1-65237cb44175}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\extensions\{db95c719-1f16-4e00-a235-e9f49de9878f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP868\A0221565.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP871\A0222613.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP872\A0222657.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP874\A0222896.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223691.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223855.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223856.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223857.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223858.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223859.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223860.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223861.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223862.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223863.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223864.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP875\A0223865.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A11BAFE4-9F27-45AA-81F5-1790A25D9171}\RP877\A0224128.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

[randolphr]

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Windows Defender MsMpEng.exe
``````````End of Log````````````

[screen317]

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):


ESET Online Scanner v3
Java™ 6 Update 23

Restart your computer.

Get the latest version of Java.


Let me know what issues remain.

-screen317

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[randolphr]

I seem to be in the clear ..... yet, yesterday my Avira Guard suddenly turned off while I was online .... ran an ESET scan which found 3 instances of Win32/opencandy ..... ran ESET again last night (this time, i ran it while off line. The first time I've done that) and it found nothing. In the interim I have cleaned up my C drive so that it is 122 gigs free space out of 149 gigs total. I still have my suspicions .... Lastly, when I boot up, a screen quickly shows a Windows De-Bug mode (non highlighted) listed above my usual Windows start up listing which is highlighted. That's probably as a result of some option I clicked out of desperation last week.

Your help was absolutely invaluable and I cannot thank you enough.

I hope your summer is going great

Randolph

[screen317]

Glad to hear things are running well Randolph.

If it is the Recovery Console next to the Windows startup listing, then that was ComboFix's doing. The Recovery Console may be invaluable for future issues you may have, so I highly recommend keeping it. The screen should pass by in 2 seconds, I believe.


I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!