Tech Support Guy

Discussion Starter · #1
Google search redirects to ads and computer randomly freezes no matter what I seem to be doing or not doing.

I've run AdAware, GooredFix, ComboFix, MalwareBytes and ATF.

It seems to have fixed the redirect problem, but I'm still leery of the freeze, so I will post my logs to make sure the problem is fixed.
 

Discussion Starter · #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:27 PM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\My Backup -- 07-08-02 0104AM\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1196370173657
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8482 bytes
 

Discussion Starter · #3
GooredFix by jpshortstuff (12.07.09)
Log created at 15:52 on 17/08/2009 (Owner)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:42 18/07/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:14 15/08/2009]

-=E.O.F=-
 

Discussion Starter · #4
ComboFix 09-08-10.06 - Owner 08/17/2009 16:48.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.228 [GMT -4:00]
Running from: c:\prog\fix current\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1715567821-1202660629-854245398-1004
c:\recycler\S-1-5-21-240891336-1187843924-1747427098-1003
c:\recycler\S-1-5-21-484763869-789336058-1060284298-500
c:\windows\Installer\1324b.msi
c:\windows\Installer\6fb09f.msi
c:\windows\Installer\6fb0a0.msp
c:\windows\Installer\6fb0a1.msp
c:\windows\Installer\6fb0a2.msp
c:\windows\Installer\6fb0a3.msp
c:\windows\Installer\6fb0a4.msp
c:\windows\Installer\6fb0a5.msp
c:\windows\Installer\6fb0a6.msp
c:\windows\Installer\6fb0a7.msp
c:\windows\Installer\6fb0a8.msp
c:\windows\Installer\890b9c.msi
c:\windows\Installer\890b9d.msp
c:\windows\Installer\890b9e.msp
c:\windows\Installer\890b9f.msp
c:\windows\Installer\890ba0.msp
c:\windows\Installer\890ba1.msp
c:\windows\Installer\890ba2.msp
c:\windows\Installer\890ba3.msp
c:\windows\Installer\890ba4.msp
c:\windows\Installer\890ba5.msp
c:\windows\msa.exe
c:\windows\system32\drivers\ESQULpaitqmoejunfoayxylqgdvgviotkltum.sys
c:\windows\system32\ESQULenjekyjrijaujwrqdugeomppvtsipsan.dll
c:\windows\system32\ESQULvmshfiiteegkmoppvumxpujyodoqkjdn.dll
c:\windows\system32\f02WtR
c:\windows\system32\msxml71.dll
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 20:12 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 20:12 . 2009-08-17 20:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-17 20:12 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 20:12 . 2009-08-17 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 21:05 . 2009-07-14 00:52 380928 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xqred5uq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-08-15 08:32 . 2009-08-15 16:39 -------- d-----w- c:\documents and settings\Everyone Else\Local Settings\Application Data\Adobe
2009-08-15 07:13 . 2009-08-15 07:13 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-15 07:12 . 2009-08-15 07:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 07:12 . 2009-08-15 07:12 -------- d-----w- c:\program files\MSBuild
2009-08-15 07:11 . 2009-08-15 07:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 07:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 07:10 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 07:10 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 07:10 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 07:10 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 07:10 . 2009-08-15 07:11 -------- d-----w- C:\c3ecb43b517ad26cbfea4d72
2009-08-14 22:34 . 2009-08-17 05:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 22:24 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-14 20:19 . 2009-08-14 20:19 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-14 20:18 . 2004-08-04 19:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-14 20:18 . 2004-08-04 19:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-14 20:17 . 2009-08-14 20:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-14 20:17 . 2009-08-14 20:17 -------- d-----w- c:\program files\Lavasoft
2009-08-14 04:35 . 2009-08-14 04:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-14 04:35 . 2009-08-14 04:35 -------- d-----w- c:\program files\Betacoder
2009-08-11 21:40 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 03:59 . 2009-08-10 03:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-09 18:12 . 2009-08-09 18:12 -------- d-sh--w- c:\documents and settings\Everyone Else\IECompatCache
2009-08-09 18:12 . 2009-08-09 18:12 -------- d-sh--w- c:\documents and settings\Everyone Else\PrivacIE
2009-08-08 03:46 . 2009-08-08 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\SulusGames
2009-08-08 03:46 . 2009-08-08 03:46 -------- d-----w- c:\docume~1\Owner\APPLIC~1\SulusGames
2009-08-08 03:46 . 2009-08-08 03:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SulusGames
2009-08-07 20:40 . 2009-08-07 21:34 23 ----a-w- c:\windows\popcinfot.dat
2009-08-07 20:10 . 2009-08-14 21:40 -------- d-----w- c:\program files\Steam
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:17 . 2009-08-05 02:17 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-02 19:31 . 2009-08-02 19:31 -------- d-----w- c:\program files\She is a Shadow
2009-08-02 18:40 . 2009-08-02 18:40 -------- d-----w- c:\documents and settings\Owner\Application Data\EleFun Games
2009-08-02 18:40 . 2009-08-02 18:40 -------- d-----w- c:\docume~1\Owner\APPLIC~1\EleFun Games
2009-08-02 14:49 . 2009-08-02 14:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Gold Casual Games
2009-08-02 14:49 . 2009-08-02 14:49 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Gold Casual Games
2009-08-01 06:40 . 2009-08-01 06:42 -------- d-----w- c:\program files\Peggle Extreme
2009-07-31 03:25 . 2009-08-17 19:15 -------- d-----w- C:\03af40f2afe540f697d35318
2009-07-31 03:24 . 2009-07-31 03:45 -------- d-----w- C:\dc363bee9974dafec69e855f12
2009-07-31 01:26 . 2009-07-31 01:26 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-31 01:26 . 2009-07-31 01:26 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-31 01:26 . 2009-07-31 01:26 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-31 01:26 . 2009-07-31 01:26 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-30 19:14 . 2009-07-30 19:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\GameHouse
2009-07-29 22:13 . 2009-07-29 22:13 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-27 18:40 . 2009-07-27 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SprillRichiEng
2009-07-27 18:40 . 2009-07-27 18:42 -------- d-----w- c:\docume~1\Owner\APPLIC~1\SprillRichiEng
2009-07-27 18:05 . 2009-07-27 18:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Pogo Games
2009-07-27 18:05 . 2009-07-27 18:05 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Pogo Games
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-----w- c:\documents and settings\Owner\Application Data\GameInvest
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-----w- c:\docume~1\Owner\APPLIC~1\GameInvest
2009-07-24 17:33 . 2009-07-24 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Little Games Company
2009-07-24 17:33 . 2009-07-24 17:33 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Little Games Company
2009-07-24 17:33 . 2009-07-24 17:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Little Games Company
2009-07-21 22:07 . 2009-07-21 22:08 -------- d-----w- c:\program files\ Pictureka Museum Mayhem
2009-07-21 21:33 . 2009-07-21 21:33 -------- d-----w- c:\program files\OUAT Entertainment
2009-07-19 02:31 . 2009-07-19 04:41 -------- d-----w- c:\documents and settings\Owner\Application Data\DVD Flick
2009-07-19 02:31 . 2009-07-19 04:41 -------- d-----w- c:\docume~1\Owner\APPLIC~1\DVD Flick
2009-07-19 02:30 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-19 02:29 . 2009-07-19 02:30 -------- d-----w- c:\program files\DVD Flick
2009-07-18 23:26 . 2009-07-18 23:26 194560 ----a-w- c:\windows\Daytrana.scr
2009-07-18 23:25 . 2009-07-18 23:28 -------- d-----w- c:\windows\Daytrana dir
2009-07-18 23:25 . 2009-07-18 23:25 606848 ----a-w- c:\windows\flashax.exe
2009-07-18 23:25 . 2009-07-18 23:25 12288 ----a-w- c:\windows\impborl.dll
2009-07-18 23:04 . 2009-07-18 23:04 -------- d-----w- c:\program files\Trend Micro
2009-07-18 21:42 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 21:41 . 2009-07-18 21:41 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 20:15 . 2009-07-07 03:30 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-14 22:36 . 2007-09-17 15:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-14 21:43 . 2007-10-06 18:47 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-14 19:44 . 2008-02-02 08:01 -------- d-----w- c:\program files\Spyware Doctor
2009-08-14 19:27 . 2007-09-17 16:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Lavasoft
2009-08-14 19:27 . 2007-09-17 16:15 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Lavasoft
2009-08-10 17:38 . 2008-02-15 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 04:00 . 2007-09-08 20:11 -------- d-----w- c:\program files\DivX
2009-08-09 18:12 . 2007-08-25 19:50 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\Yahoo!
2009-08-07 17:18 . 2009-07-06 17:32 -------- d-----w- c:\program files\Games
2009-08-05 09:01 . 2007-08-02 08:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:21 . 2007-08-20 00:09 -------- d-----w- c:\program files\Java
2009-08-02 19:30 . 2007-09-02 20:28 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-08-02 19:30 . 2007-09-02 20:28 -------- d-----w- c:\docume~1\Owner\APPLIC~1\uTorrent
2009-07-31 04:47 . 2007-08-20 00:39 39 ----a-w- c:\windows\popcinfo.dat
2009-07-31 01:29 . 2008-02-15 21:31 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-31 01:27 . 2008-02-15 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2009-07-31 01:27 . 2008-02-15 21:27 -------- d-----w- c:\docume~1\Owner\APPLIC~1\SystemRequirementsLab
2009-07-31 00:50 . 2007-08-19 22:46 134120 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 00:06 . 2007-09-05 10:50 -------- d-----w- c:\program files\Hidden Expedition - Everest
2009-07-28 18:04 . 2006-10-19 05:41 -------- d-----w- c:\program files\Jewel Quest Solitaire
2009-07-27 04:10 . 2008-02-12 01:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Flood Light Games
2009-07-27 04:10 . 2008-02-12 01:52 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Flood Light Games
2009-07-27 04:10 . 2008-02-12 01:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Flood Light Games
2009-07-23 23:55 . 2007-09-17 03:37 -------- d-----w- c:\program files\The Stone of Destiny
2009-07-23 23:53 . 2008-02-27 05:58 -------- d-----w- c:\program files\MAIET
2009-07-23 07:51 . 2009-07-10 06:37 -------- d-----w- c:\program files\QuickTime
2009-07-22 03:02 . 2007-12-28 22:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-07-18 03:20 . 2009-07-07 01:34 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-18 03:20 . 2009-07-07 01:34 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-18 01:01 . 2007-08-20 00:04 -------- d-----w- c:\program files\Google
2009-07-18 00:34 . 2007-09-05 06:04 -------- d-----w- c:\program files\Dream Day Honeymoon
2009-07-18 00:30 . 2008-02-11 02:43 -------- d-----w- c:\program files\Space Strike
2009-07-18 00:29 . 2008-02-11 02:39 -------- d-----w- c:\program files\Jewel Match Winter Wonderland
2009-07-17 19:01 . 2007-08-02 07:59 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 04:40 . 2009-07-17 04:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PlayFirst
2009-07-17 04:40 . 2008-03-12 06:36 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-07-17 04:40 . 2008-03-12 06:36 -------- d-----w- c:\docume~1\Owner\APPLIC~1\PlayFirst
2009-07-16 21:06 . 2007-09-21 03:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sandlot Games
2009-07-15 00:17 . 2007-08-20 02:18 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2009-07-15 00:17 . 2007-08-20 02:18 -------- d-----w- c:\docume~1\Owner\APPLIC~1\iWin
2009-07-15 00:15 . 2009-07-15 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\HSA
2009-07-15 00:15 . 2009-07-15 00:15 -------- d-----w- c:\docume~1\Owner\APPLIC~1\HSA
2009-07-14 03:43 . 2007-08-02 08:03 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 04:08 . 2009-07-13 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Games
2009-07-13 04:08 . 2009-07-13 04:08 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Games
2009-07-12 03:40 . 2009-07-12 03:40 -------- d-----w- c:\documents and settings\Owner\Application Data\she_is_a_shadow
2009-07-12 03:40 . 2009-07-12 03:40 -------- d-----w- c:\docume~1\Owner\APPLIC~1\she_is_a_shadow
2009-07-12 00:22 . 2009-07-12 00:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Gamers Digital
2009-07-12 00:22 . 2009-07-12 00:22 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Gamers Digital
2009-07-12 00:22 . 2009-07-12 00:22 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Gamers Digital
2009-07-10 13:27 . 2009-07-10 13:27 -------- d-----w- c:\program files\eGames
2009-07-10 06:34 . 2009-07-10 06:34 -------- d-----w- c:\program files\Apple Software Update
2009-07-09 16:32 . 2009-07-09 16:32 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\J River
2009-07-08 22:36 . 2009-07-08 22:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SpinTop Games
2009-07-08 22:36 . 2009-07-08 22:36 -------- d-----w- c:\docume~1\Owner\APPLIC~1\SpinTop Games
2009-07-08 21:44 . 2007-09-29 04:36 -------- d-----w- c:\program files\MSN Messenger
2009-07-08 19:41 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-08 01:45 . 2009-07-08 01:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\IntDreams
2009-07-07 05:43 . 2008-01-07 23:31 -------- d-----w- c:\program files\Logitech
2009-07-07 03:32 . 2009-07-07 01:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Comodo
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\COMODO
2009-07-07 01:34 . 2009-07-07 01:34 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-07 01:34 . 2009-07-07 01:34 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-07 00:56 . 2007-08-20 00:04 -------- d-----w- c:\program files\BigFix
2009-07-07 00:56 . 2007-08-20 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 00:56 . 2007-09-03 04:01 -------- d-----w- c:\program files\Western Digital Technologies
2009-07-07 00:55 . 2008-03-08 03:12 -------- d-----w- c:\program files\Prime95
2009-07-07 00:54 . 2008-03-08 02:42 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-07-07 00:37 . 2009-07-07 00:37 -------- d-----w- c:\program files\CCleaner
2009-07-07 00:00 . 2007-08-19 22:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-07-06 23:50 . 2009-07-06 23:48 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-06 23:48 . 2009-07-06 23:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-07-06 23:28 . 2008-01-31 01:15 -------- d-----w- c:\program files\Picasa2
2009-07-06 23:19 . 2008-01-31 01:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-06 17:38 . 2009-07-06 17:38 -------- d-----w- c:\documents and settings\Owner\Application Data\V-Games
2009-07-06 17:38 . 2009-07-06 17:38 -------- d-----w- c:\docume~1\Owner\APPLIC~1\V-Games
2009-07-06 07:41 . 2007-08-19 23:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\yahoo!
2009-07-06 07:41 . 2007-08-19 23:27 -------- d-----w- c:\program files\Yahoo!
2009-07-06 07:41 . 2007-09-30 23:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-06 07:14 . 2009-07-06 07:14 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-06 07:12 . 2007-08-22 05:53 -------- d-----w- c:\program files\Linksys
2009-07-06 06:20 . 2007-08-20 00:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL
2009-07-03 17:09 . 2007-08-02 08:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2007-08-02 08:03 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2007-08-02 08:02 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2007-08-02 08:02 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2007-08-02 08:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2007-08-02 08:01 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2007-08-02 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2007-08-02 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2007-08-02 08:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-08-02 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2007-08-02 08:02 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2007-08-02 07:59 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2007-08-02 08:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-08-02 08:03 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2007-08-02 08:02 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 00:25 . 2009-07-06 23:51 109960 ----a-w- c:\windows\system32\~GLH0023.TMP
2007-09-30 23:12 . 2007-09-30 23:12 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-07 1793808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-26 90112]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/6/2009 7:49 PM 130936]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [7/6/2009 9:34 PM 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7/6/2009 9:34 PM 25160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 7:30 PM 95232]
S3 LSWLNDS;Instant Wireless Driver;c:\windows\system32\DRIVERS\LSWLNDS.sys --> c:\windows\system32\DRIVERS\LSWLNDS.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/28/2007 2:50 PM 517632]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/15/2008 3:46 PM 348752]
S3 WMP11;Instant Wireless PCI Card Driver;c:\windows\system32\DRIVERS\WMP11NDS.sys --> c:\windows\system32\DRIVERS\WMP11NDS.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\xqred5uq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xqred5uq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xqred5uq.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
 

Discussion Starter · #5 ·
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\my backup -- 07-08-02 0104am\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 17:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-08-17 17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 21:42

Pre-Run: 8,359,895,040 bytes free
Post-Run: 8,283,656,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
417 --- E O F --- 2009-08-16 07:02
 

Discussion Starter · #6 ·
Malwarebytes' Anti-Malware 1.40
Database version: 2644
Windows 5.1.2600 Service Pack 3

8/17/2009 6:15:09 PM
mbam-log-2009-08-17 (18-15-09).txt

Scan type: Quick Scan
Objects scanned: 97006
Time elapsed: 22 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 