Malwarebytes, GMER, & DDS logs
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4299
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
7/19/2010 8:11:44 AM
mbam-log-2010-07-19 (08-11-44).txt
Scan type: Quick scan
Objects scanned: 149853
Time elapsed: 6 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--
DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 14:53:41.31 on Tue 07/20/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2181 [GMT -4:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe 4
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\Matt\Desktop\dds.scr
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Citi Virtual Account Numbers] c:\progra~1\virtua~1\CitiVAN.exe /lang=en_RG /dontopenmycards
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\xnkrl9ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\xnkrl9ok.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-10 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-10 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
R2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-8-18 67072]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2007-3-25 140416]
S3 pbfilter;pbfilter;c:\program files\peerblock_r181__win32_release\pbfilter.sys [2009-9-28 14424]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys --> c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [?]
=============== Created Last 30 ================
2010-07-19 11:37:43 0 d-sha-r- C:\cmdcons
2010-07-19 11:35:40 98816 ----a-w- c:\windows\sed.exe
2010-07-19 11:35:40 77312 ----a-w- c:\windows\MBR.exe
2010-07-19 11:35:40 256512 ----a-w- c:\windows\PEV.exe
2010-07-19 11:35:40 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 02:54:11 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-07-10 20:10:06 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-10 16:45:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-10 16:45:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-10 16:39:15 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-10 15:50:37 0 d-----w- c:\windows\pss
2010-07-10 15:00:57 0 d-----w- c:\program files\PeerBlock_r181__Win32_Release
2010-07-10 14:51:20 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-07-10 14:49:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-10 14:47:58 0 d-----w- c:\program files\COMODO
2010-07-10 14:46:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 14:45:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-07-10 14:36:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-10 14:32:32 0 d-----w- c:\docume~1\matt\applic~1\Malwarebytes
2010-07-10 14:32:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 14:32:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 14:32:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 14:32:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-10 14:09:54 38848 ----a-w- c:\windows\avastSS.scr
2010-07-10 14:09:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-01 13:03:33 0 d-----w- c:\program files\iPod
2010-07-01 13:03:23 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 12:55:55 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-06-15 00:02:56 256 ----a-w- c:\documents and settings\matt\pool.bin
2010-06-04 15:55:58 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 23:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 23:00:22 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 23:00:20 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-07-10 19:24:50 88 --sh--r- c:\windows\system32\F6A9BE14DE.sys
2007-07-10 19:25:10 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-01-03 20:33:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010320090104\index.dat
============= FINISH: 14:54:31.26 ===============