The following logs are DDS.txt and Attach.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by cliff at 1:02:05.81 on 19/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.439 [GMT 0:00]
FW: Outpost Firewall Pro *disabled*
FW: COMODO Firewall Pro *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cliff\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
uInternet Settings,ProxyServer = 201.229.208.2:80
mSearchAssistant = hxxp://www.google.com/ie
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191804486234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1A1CF384-B76D-4A12-AA96-3DB3C5494606} = 194.168.4.100,194.168.8.100
TCP: {2FEE3D0A-65E8-4E5E-81C5-06B97BAC68A3} = 194.168.4.100,194.168.8.100
TCP: {44188752-45E2-4488-9398-96C589E7EB24} = 194.168.4.100,194.168.8.100
TCP: {6C08A0E8-B96D-4D80-A788-3168567EBF76} = 194.168.4.100,194.168.8.100
TCP: {BE2C7A2D-5762-4B03-B65F-C8B49B0E3668} = 194.168.4.100,194.168.8.100
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cliff\applic~1\mozilla\firefox\profiles\obwy9xeo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\cliff\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
============= SERVICES / DRIVERS ===============
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2008-12-24 673920]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-12-24 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-12-24 234640]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2008-12-24 33408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-19 15504]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2008-11-4 26448]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-12-24 1238344]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-19 179856]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2008-11-4 52944]
S3 fsssvc;Windows Live Family Safety; [x]
S3 getPlus® Helper;getPlus® Helper; [x]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-8-27 30272]
============== File Associations ===============
txtfile=c:\windows\NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-03-17 08:33 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-03-17 00:15 <DIR> --d----- c:\docume~1\cliff\applic~1\RegRun
2009-03-17 00:01 57,556 a------- c:\windows\guard.bmp
2009-03-17 00:01 <DIR> --d----- c:\program files\Greatis
2009-03-13 15:55 0 a------- c:\windows\system32\drivers\SENEKADITGRRFV.SYS.del
2009-03-11 16:43 <DIR> --d----- C:\RootkitNO
2009-03-11 11:12 2 a--shrot c:\windows\winstart.bat
2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\PrivacIE
2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\IETldCache
2009-03-07 00:05 <DIR> --d----- c:\windows\ie8updates
2009-03-06 23:54 81,920 a------- c:\windows\system32\ieencode.dll
2009-03-06 23:52 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-05 01:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-05 01:26 1,089,593 -------- c:\windows\ntprint.cat
2009-03-04 19:13 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-04 19:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-04 19:07 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-04 19:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-04 19:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-04 19:07 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-04 19:07 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-04 19:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-04 19:07 <DIR> --d----- C:\6f42334d2be88dc778ff04c32d4ce908
2009-03-04 19:06 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-04 18:02 <DIR> --d----- c:\program files\Trend Micro
2009-02-28 02:16 7,168 a--sh--- c:\windows\Thumbs.db
2009-02-28 02:13 31 a------- c:\windows\system32\Days5.ini
2009-02-27 03:30 434,688 a------- c:\windows\system32\ss2uinst.exe
2009-02-22 21:57 0 a------- c:\windows\rschkr.ini
==================== Find3M ====================
2009-02-27 10:27 36,892 a------- c:\windows\system32\btbass.dll
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-07 23:44 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-07 23:44 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-07 23:44 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-07 23:44 114,688 a------- c:\windows\system32\pywintypes25.dll
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2008-10-08 13:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat
============= FINISH: 1:02:21.59 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/07/2007 20:21:40
System Uptime: 18/03/2009 04:52:56 (21 hours ago)
Motherboard: | | SiS-755
Processor: AMD Sempron Processor 3000+ | Socket 940 | 1799/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 16 GiB total, 6.778 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20
Manufacturer: SiS
Name: SiS 900-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20
Service: SISNICXP
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60
Manufacturer: Intel
Name: Intel 21140-Based PCI Fast Ethernet Adapter (Generic) #4
PNP Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60
Service: DC21x4
==== System Restore Points ===================
RP165: 07/03/2009 21:01:39 - Before uninstall OpenDNS Updater 1.3.0.187
RP166: 08/03/2009 21:31:02 - System Checkpoint
RP167: 09/03/2009 23:41:15 - System Checkpoint
RP168: 11/03/2009 02:53:15 - System Checkpoint
RP169: 11/03/2009 03:00:55 - Software Distribution Service 3.0
RP170: 11/03/2009 11:20:36 - RegRun Virus Scan
RP171: 11/03/2009 11:25:14 - RegRun Virus Scan
RP172: 11/03/2009 11:29:55 - RegRun Virus Scan
RP173: 11/03/2009 11:31:00 - RegRun Virus Scan
RP174: 12/03/2009 15:46:51 - System Checkpoint
RP175: 13/03/2009 15:57:37 - Before uninstall Adobe Flash Player 10 ActiveX
RP176: 13/03/2009 15:58:45 - Before uninstall TrojanHunter 5.0
RP177: 14/03/2009 03:03:42 - Software Distribution Service 3.0
RP178: 14/03/2009 22:11:13 - RegRun Virus Scan
RP179: 14/03/2009 22:14:07 - RegRun Virus Scan
RP180: 16/03/2009 04:34:31 - System Checkpoint
RP181: 17/03/2009 05:11:20 - System Checkpoint
RP182: 17/03/2009 08:13:29 - RegRun Virus Scan
RP183: 17/03/2009 08:14:45 - RegRun Virus Scan
RP184: 17/03/2009 08:29:18 - RegRun Virus Scan
RP185: 17/03/2009 15:16:45 - Before uninstall UnHackMe 4.80 beta
RP186: 17/03/2009 21:01:44 - RegRun Virus Scan
RP187: 17/03/2009 21:27:46 - RegRun Virus Scan
RP188: 18/03/2009 02:20:05 - Before uninstall RegRun Security Suite Platinum
==== Installed Programs ======================
Adobe Reader 9
Agnitum Outpost Firewall Pro
ATI Display Driver
C-Media WDM Audio Driver
CaptureWizPro 3.90
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Professional
DBOX2 Image-Flashing-Assistent 3.1.1
FlashFXP v3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HyperTerminal Private Edition v6.3
IBP & ARELIS 9.7.1
Infinity USB Unlimited 2.75
Java 6 Update 2
Java SE Runtime Environment 6 Update 1
Lib Debug 1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SiS 900 PCI Fast Ethernet Adapter Driver
SMAC 2.7
SolarWinds TFTP Server
Trojan Remover 6.7.6
TuneUp Utilities 2009
Unlocker 1.8.7
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VultureWare DOCSIS Config Editor 0.1
WebFldrs XP
WinAce Archiver
Windows Doctor 2.0
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XoftSpySE
Your Uninstaller! 2008 Version 6.2
==== Event Viewer Messages From Past Week ========
15/03/2009 14:33:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/03/2009 14:32:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
15/03/2009 13:04:00, error: Service Control Manager [7034] - The Logical Disk Manager Administrative Service service terminated unexpectedly. It has done this 1 time(s).
15/03/2009 13:01:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SandBox
15/03/2009 13:01:42, error: Service Control Manager [7001] - The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/03/2009 12:28:12, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
15/03/2009 12:26:05, error: Service Control Manager [7000] - The fssfltr service failed to start due to the following error: The system cannot find the file specified.
13/03/2009 20:01:27, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
13/03/2009 20:01:27, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13/03/2009 15:55:44, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
13/03/2009 15:01:54, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00028A630344 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
13/03/2009 13:20:10, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================