Google redirects to adwords/onlinesecure in firefox

jpb2872

Hello and thank you in advance for your help.

I have a Dell Latitude D810, running Windows XP Professional.

OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model Latitude D810
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~2261 Mhz
BIOS Version/Date Dell Inc. A04, 9/30/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name PPSO-D1G5MW81\John
Time Zone Central Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 248.72 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.40 GB
Page File C:\pagefile.sys


I believe I have some type of virus/infection. The symptoms I am noticing are that in Firefox, during a Google search, if I click a link in the search results I get redirected to different pages. On a mouse-over of a link it shows "adwords onlinesecure..." Also I have noticed that after closing Firefox and running CCleaner I am prompted to close Firefox, which does not show as an open program but does show under processes. When I later restart Firefox it prompts me as to whether I want to restore tabs/windows or start a new session. Under restore tabs/windows are numerous onlinesecure/blank, blank2, blank3, etc... sometimes as many as 6. If I use IE it hangs up and freezes a lot.

Also at times I get the blue screen and dumping memory message, not sure of the exact error message at this time.

I have done the following so far. I ran Malwarebytes and cleaned several items a few weeks ago, but have continued to get "no viruses found" since; I ran Avira and cleaned one virus, again a few weeks ago, and since then I get "no viruses found".

Upon reading on this site tonight I followed the steps listed for virus removal.

1.) I ran CCleaner
2.) Ran Malwarebytes - Log pasted below
3.) Ran Avira - Log attached
4.) Ran GMER (I did not save the log, I thought it was saved automatically; no programs were found to be running.) I can rerun it and post a log
5.) Ran dds - Logs attached
6.) Ran combofix - Log attached
7.) Ran ESET - Log attached

I did not download and run HijackThis for a log; please let me know if it is needed.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4310

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/13/2010 10:32:05 PM
mbam-log-2010-07-13 (22-32-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 307260
Time elapsed: 2 hour(s), 13 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------------------------------------------------------


Awaiting your response and thanking you in advance.

John
 

Attachments

  • Attach.txt
  • DDS.txt
  • ComboFix.txt
  • eset log.txt
  • AVSCAN-20100719-005605-67C8EAF3.LOG
You ran some extra programs like Combofix and Eset. Although we usually have the members run those programs during the cleaning, you should have waited until the logs were checked for instructions. We also recommend running TFC instead of CCleaner.

It will take me a bit to get through the logs. In the meantime, please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I would also appreciate your pasting the logs instead of attaching. Then I can search directly from my browser instead of copy and paste. Be patient please.
 
logs

I had them pasted, but I exceeded the maximum number of characters; I will paste them here in two posts if need be. Thanks


Avira AntiVir Personal
Report file date: Monday, July 19, 2010 00:56

Scanning for 2360683 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : John
Computer name : PPSO-D1G5MW81

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:11:46
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:12:02
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 07:12:05
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 07:12:06
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 07:12:09
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 07:12:11
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 07:12:13
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 07:12:16
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 07:12:19
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 07:12:26
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 07:12:29
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 07:12:33
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 07:12:38
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 07:12:41
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 07:12:44
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 08:15:00
VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:21:38
VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:21:42
VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 14:58:44
VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 19:03:48
VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 19:03:30
VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 19:03:30
VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 19:03:30
VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 19:03:30
VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 19:03:31
VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 19:03:31
VBASE031.VDF : 7.10.9.109 144896 Bytes 7/18/2010 05:48:48
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 07:14:11
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 19:03:47
AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 07:14:03
AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 07:14:14
AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 07:14:01
AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 19:03:39
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/8/2010 23:21:52
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 07:13:52
AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 07:13:43
AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 19:03:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 07:13:37
AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 19:03:33
AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 07:13:32
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

Start of the scan: Monday, July 19, 2010 00:56

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{i81a067bde7db239c}
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{081a067bde7db239c}
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'msdtc.exe' - '43' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '48' Module(s) have been scanned
Scan process 'vssvc.exe' - '51' Module(s) have been scanned
Scan process 'avcenter.exe' - '98' Module(s) have been scanned
Scan process 'RegistryBooster.exe' - '42' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'realsched.exe' - '34' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'jusched.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '56' Module(s) have been scanned
Scan process 'alg.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '101' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'NICCONFIGSVC.exe' - '46' Module(s) have been scanned
Scan process 'MDM.EXE' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'Iap.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '70' Module(s) have been scanned
Scan process 'winlogon.exe' - '78' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1867' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Monday, July 19, 2010 02:12
Used time: 1:15:51 Hour(s)

The scan has been done completely.

13754 Scanned directories
415191 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
415191 Files not concerned
4605 Archives were scanned
0 Warnings
0 Notes
925494 Objects were scanned with rootkit scan
2 Hidden objects were found

====================================================================
 
DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 21:49:48.85 on Mon 07/19/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.579 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\PPSO88\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
{aa58ed58-01dd-4d91-8333-cf10577473f7}
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134502743502
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ppso88\applic~1\mozilla\firefox\profiles\nc6b34uq.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-5 11608]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2007-6-18 80640]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-5 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-5 60936]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-10-19 110984]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-11-23 80384]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 MotDev;Motorola Inc. USB Device; [x]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2008-3-24 899884]

=============== Created Last 30 ================

2010-07-22 03:23:54 3281 ----a-w- c:\windows\system32\wbem\Outlook_01cb294d4fec85b4.mof
2010-07-22 03:08:52 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-07-22 03:08:37 1848608 ----a-w- c:\windows\system32\acXMLParser.dll
2010-07-22 03:08:35 3523872 ----a-w- c:\windows\system32\cdintf300.dll
2010-07-22 03:08:01 0 d-----w- c:\docume~1\ppso88\applic~1\Intuit
2010-07-22 03:07:33 0 d-----w- c:\program files\common files\Intuit
2010-07-22 03:07:19 0 d-----w- c:\program files\Quicken
2010-07-22 03:07:09 120 ----a-w- c:\windows\QUICKEN.INI
2010-07-22 03:06:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-07-13 19:15:58 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 15:31:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 12:28:17 0 d-----w- c:\program files\common files\McAfee
2010-07-05 22:32:57 0 d-----w- c:\docume~1\ppso88\applic~1\Avira
2010-07-05 07:02:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-05 07:01:26 0 d-----w- c:\program files\Avira
2010-07-05 07:01:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-02 20:20:31 139264 ----a-w- c:\windows\system32\UStorSrv.exe
2010-07-01 20:58:10 117 ----a-w- c:\windows\WMProof.ini
2010-07-01 20:57:57 18 ----a-w- c:\windows\geolan.ini
2010-07-01 00:38:08 0 d-----w- C:\My Documents
2010-07-01 00:37:58 0 d-----w- C:\Application Data
2010-06-25 20:09:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-25 20:09:52 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-25 17:15:31 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-06-25 17:10:41 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2010-05-04 12:39:27 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-08 04:18:43 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2007-08-31 15:53:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007083120070901\index.dat
2008-12-12 08:48:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

============= FINISH: 21:50:21.67 =========
 
DDS attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2005 1:29:04 PM
System Uptime: 7/19/2010 5:07:05 PM (4 hours ago)

Motherboard: Dell Inc. | | 0D8006
Processor: Intel(R) Pentium(R) M processor 2.26GHz | Microprocessor | 791/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 24.815 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP56: 7/5/2010 5:30:07 PM - System Checkpoint
RP57: 7/5/2010 5:30:06 PM - Software Distribution Service 3.0
RP58: 7/5/2010 5:30:05 PM - System Checkpoint
RP59: 7/5/2010 5:30:03 PM - System Checkpoint
RP60: 7/5/2010 5:30:03 PM - System Checkpoint
RP61: 7/5/2010 5:30:01 PM - System Checkpoint
RP62: 7/5/2010 5:29:47 PM - System Checkpoint
RP63: 7/19/2010 8:20:29 PM - System Checkpoint
RP64: 7/5/2010 5:30:21 PM - System Checkpoint
RP65: 7/5/2010 5:30:20 PM - System Checkpoint
RP66: 7/5/2010 5:30:10 PM - Software Distribution Service 3.0
RP67: 7/1/2010 3:44:09 PM - Restore Operation
RP68: 7/1/2010 4:11:18 PM - Restore Operation
RP69: 7/1/2010 4:24:37 PM - Restore Operation
RP70: 7/5/2010 5:30:09 PM - System Checkpoint
RP71: 7/6/2010 7:45:26 PM - Removed SUPERAntiSpyware Free Edition
RP72: 7/7/2010 7:20:28 AM - Removed Bonjour
RP73: 7/7/2010 7:24:25 AM - Removed RAID
RP74: 7/8/2010 9:12:48 AM - System Checkpoint
RP75: 7/9/2010 10:36:46 AM - System Checkpoint
RP76: 7/10/2010 12:11:29 PM - System Checkpoint
RP77: 7/11/2010 1:57:59 PM - System Checkpoint
RP78: 7/12/2010 10:30:31 AM - Installed Java(TM) 6 Update 20
RP79: 7/12/2010 10:34:52 AM - Installed QuickTime
RP80: 7/12/2010 10:40:42 AM - Removed Adobe Reader 8.1.1
RP81: 7/12/2010 10:41:54 AM - Installed Adobe Reader 9.3.
RP82: 7/13/2010 4:02:08 PM - System Checkpoint
RP83: 7/13/2010 8:14:48 PM - Software Distribution Service 3.0
RP84: 7/14/2010 3:00:35 AM - Software Distribution Service 3.0
RP85: 7/15/2010 3:00:42 AM - Software Distribution Service 3.0
RP86: 7/16/2010 4:07:07 AM - System Checkpoint
RP87: 7/17/2010 6:07:13 AM - System Checkpoint
RP88: 7/18/2010 8:07:07 AM - System Checkpoint
RP89: 7/18/2010 6:41:22 PM - OTL Restore Point

==== Installed Programs ======================

2570
2570_Help
2570Trb
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan_CDA
AiOSoftwareNPI
AnswerWorks 5.0 English Runtime
ATI Display Driver
Avanquest update
Avira AntiVir Personal - Free Antivirus
AVS VideoConverter 3.1.1.151
BufferChm
CCleaner
Conexant D110 MDC V.9x Modem
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
Crystal Reports XI
CueTour
DesignPro 5.4 Limited Edition
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Setup
DocProc
DocumentViewer
DocumentViewerQFolder
Fax_CDA
FTDI USB Serial Converter Drivers
FullDPAppQFolder
GeoVision ADPCM
GeoVision H264
GeoVision JPEG
GeoVision MPEG2
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
Google Toolbar for Internet Explorer
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
iDEN Phonebook Manager
Imation Disk Manager V a Service
InstantShareDevices
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Desktop Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
NewCopy_CDA
OGA Notifier 2.0.0048.0
OmniForm 5.0
PanoStandAlone
PayPal Plug-In
PDF Settings
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoGallery
ProductContextNPI
Quicken 2009
QuickTime
RandMap
Readme
RealPlayer
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Easy Media Creator 7 Basic VCD Edition
Roxio Express Labeler
Roxio Update Manager
Safari
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2229593)
SkinsHP1
Sonic Activation Module
Sonic DLA
Sonic_PrimoSDK
SpotLife
Status
Surveillance Device Configurator
TaxCut Louisiana 2007
TaxCut Premium + State + Efile 2007
TrayApp
TSP_CODEC
Uniblue RegistryBooster 2
Uniblue System Tweaker
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
VC80CRTRedist - 8.0.50727.4053
Video DVD Maker v3.7.0.15
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/19/2010 12:30:55 AM, error: System Error [1003] - Error code 1000000a, parameter1 251bdd8c, parameter2 00000002, parameter3 00000000, parameter4 805068c9.
7/18/2010 7:03:03 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 853b3010, parameter3 853b39f0, parameter4 0b3c4e30.
7/18/2010 2:27:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2010 12:57:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2010 12:42:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2010 12:40:27 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE38E0FE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/18/2010 1:27:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/16/2010 9:24:20 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
7/13/2010 8:41:18 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 16 time(s).
7/13/2010 8:26:01 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 15 time(s).
7/13/2010 8:26:01 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 16 time(s).
7/13/2010 8:25:59 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 14 time(s).
7/13/2010 8:25:59 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 15 time(s).
7/13/2010 8:25:57 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 13 time(s).
7/13/2010 8:25:57 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 14 time(s).
7/13/2010 8:25:54 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 12 time(s).
7/13/2010 8:25:54 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 13 time(s).
7/13/2010 8:25:53 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 11 time(s).
7/13/2010 8:25:53 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 12 time(s).
7/13/2010 8:25:51 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 10 time(s).
7/13/2010 8:25:51 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 11 time(s).
7/13/2010 8:25:49 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 9 time(s).
7/13/2010 8:25:49 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 10 time(s).
7/13/2010 8:25:47 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 8 time(s).
7/13/2010 8:25:47 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 9 time(s).
7/13/2010 8:25:45 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 7 time(s).
7/13/2010 8:25:45 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 8 time(s).
7/13/2010 8:25:44 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 6 time(s).
7/13/2010 8:25:44 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 7 time(s).
7/13/2010 8:25:42 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 5 time(s).
7/13/2010 8:25:42 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 6 time(s).
7/13/2010 8:25:40 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 4 time(s).
7/13/2010 8:25:40 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 5 time(s).
7/13/2010 8:25:39 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 3 time(s).
7/13/2010 8:25:39 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 4 time(s).
7/13/2010 8:25:30 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 2 time(s).
7/13/2010 8:10:28 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
7/13/2010 8:10:23 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/13/2010 8:10:22 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
7/13/2010 8:10:22 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/13/2010 3:42:25 AM, error: VolSnap [10] - The shadow copy of volume C: took too long to install.
7/13/2010 3:25:04 AM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
7/13/2010 3:23:27 AM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
7/13/2010 2:03:13 PM, error: Dhcp [1002] - The IP address lease 10.0.6.10 for the Network Card with network address 001422DC855A has been denied by the DHCP server 10.0.6.1 (The DHCP Server sent a DHCPNACK message).
7/12/2010 7:13:41 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 ba7bb1a8, parameter3 ba7bb9d0, parameter4 fd050f80.
7/12/2010 7:12:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/12/2010 7:11:58 PM, error: Service Control Manager [7001] - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7001] - The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The RegSrvc service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Pantech&Curitel Utility Service service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The OmniForm Printer service failed to start due to the following error: The system cannot find the path specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The MSSQLSERVER service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Broadcom ASF IP monitoring service v6.0.4 service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 7:11:57 PM, error: Service Control Manager [7000] - The EvtEng service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 10:45:32 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.6.10 with the system having network hardware address 00:15:C5:5A:3A:6F. Network operations on this system may be disrupted as a result.

==== End Of File ===========================
 
Combofix log part 1

ComboFix 10-07-19.01 - John 07/19/2010 22:05:25.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.567 [GMT -5:00]
Running from: c:\documents and settings\PPSO88\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-22 03:10 . 2010-07-22 03:10 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-07-22 03:08 . 2010-07-22 03:08 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-22 03:08 . 2008-09-29 23:37 1848608 ----a-w- c:\windows\system32\acXMLParser.dll
2010-07-22 03:08 . 2008-09-29 23:37 3523872 ----a-w- c:\windows\system32\cdintf300.dll
2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-07-22 03:08 . 2010-07-22 03:08 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Intuit
2010-07-22 03:07 . 2010-07-22 03:07 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-22 03:07 . 2010-07-22 03:08 -------- d-----w- c:\program files\Quicken
2010-07-22 03:06 . 2010-07-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-07-13 19:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 15:38 . 2010-07-12 15:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-12 15:37 . 2010-07-12 15:37 -------- d-----w- c:\program files\QuickTime
2010-07-12 15:36 . 2010-07-12 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-12 15:36 . 2010-07-12 15:36 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-12 15:35 . 2010-07-12 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-12 15:32 . 2010-07-12 15:32 503808 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\msvcp71.dll
2010-07-12 15:32 . 2010-07-12 15:32 499712 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\jmc.dll
2010-07-12 15:32 . 2010-07-12 15:32 348160 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\msvcr71.dll
2010-07-12 15:32 . 2010-07-12 15:32 61440 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-13156ee7-n\decora-sse.dll
2010-07-12 15:32 . 2010-07-12 15:32 12800 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-13156ee7-n\decora-d3d.dll
2010-07-12 15:31 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 12:28 . 2010-07-07 12:28 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-07 11:12 . 2010-07-07 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-07-05 22:32 . 2010-07-05 22:32 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Avira
2010-07-05 07:02 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-05 07:02 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-05 07:02 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-05 07:02 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-05 07:01 . 2010-07-05 07:01 -------- d-----w- c:\program files\Avira
2010-07-05 07:01 . 2010-07-05 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-05 05:48 . 2010-07-05 05:50 52224 ----a-w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-05 05:47 . 2010-07-05 05:50 117760 ----a-w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-05 05:31 . 2010-07-05 05:31 -------- d-----w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com
2010-07-04 22:42 . 2010-07-04 22:42 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Adobe
2010-07-04 07:35 . 2010-07-04 07:35 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-04 07:35 . 2010-07-04 07:35 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-04 07:35 . 2010-07-04 07:35 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-04 07:35 . 2010-07-04 07:35 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-04 07:35 . 2010-07-04 07:35 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-04 07:34 . 2010-07-04 07:34 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-04 07:34 . 2010-07-04 07:34 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-04 07:34 . 2010-07-04 07:34 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-02 20:20 . 2006-02-17 11:19 139264 ----a-w- c:\windows\system32\UStorSrv.exe
2010-07-02 17:06 . 2010-07-02 17:06 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Yahoo
2010-07-02 16:19 . 2010-07-02 16:19 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Mozilla
2010-07-02 16:18 . 2010-07-02 16:18 -------- d-----w- c:\documents and settings\JPB\Application Data\ICAClient
2010-07-02 16:17 . 2010-07-02 16:17 -------- d-----w- c:\documents and settings\JPB\Application Data\DivX
2010-07-02 16:17 . 2010-07-02 16:17 -------- d-----w- c:\documents and settings\JPB\Application Data\Malwarebytes
2010-07-02 16:07 . 2010-07-02 16:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
2010-07-01 21:19 . 2010-07-01 21:19 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 21:18 . 2010-07-01 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-01 00:38 . 2010-07-01 00:38 -------- d-----w- C:\My Documents
2010-07-01 00:37 . 2010-07-01 00:37 -------- d-----w- C:\Application Data
2010-06-25 20:09 . 2010-06-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-25 20:09 . 2010-06-25 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-25 17:15 . 2010-06-25 17:15 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-06-25 17:12 . 2010-06-25 17:12 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-25 17:12 . 2010-06-25 17:12 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-25 17:11 . 2010-06-25 17:11 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-25 17:11 . 2010-06-25 17:11 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-25 17:11 . 2010-06-25 17:11 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-25 17:10 . 2010-06-25 17:10 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-25 17:10 . 2010-06-25 17:10 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-25 17:06 . 2010-06-25 17:06 734728 ----a-w- c:\documents and settings\PPSO88\Application Data\Real\RealPlayer\setup\AU_setup14.exe
2010-06-25 16:01 . 2010-06-25 16:01 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 03:08 . 2005-11-24 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 19:03 . 2009-05-05 23:15 -------- d-----w- c:\program files\CCleaner
2010-07-12 15:43 . 2007-08-29 06:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-12 15:34 . 2005-11-24 00:38 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 15:31 . 2005-11-24 00:38 -------- d-----w- c:\program files\Java
2010-07-07 12:20 . 2007-11-30 03:02 -------- d-----w- c:\program files\Bonjour
2010-07-07 00:45 . 2009-05-06 15:30 -------- d-----w- c:\documents and settings\PPSO88\Application Data\SUPERAntiSpyware.com
2010-07-06 10:13 . 2006-11-09 20:56 -------- d-----w- c:\program files\Google
2010-07-06 06:43 . 2008-12-12 09:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-06 06:25 . 2007-08-30 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-05 06:14 . 2007-06-18 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 08:36 . 2010-05-26 03:35 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-04 07:35 . 2010-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-04 07:35 . 2009-05-25 05:48 -------- d-----w- c:\program files\DivX
2010-07-04 07:27 . 2010-05-26 03:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-04 07:27 . 2010-05-26 03:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-01 21:48 . 2009-05-06 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 21:23 . 2005-11-24 00:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 20:09 . 2005-11-24 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-25 17:12 . 2010-03-22 18:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-25 17:12 . 2010-03-22 18:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-25 17:12 . 2010-03-22 18:25 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-25 17:11 . 2006-06-29 23:31 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 17:10 . 2006-06-29 23:31 -------- d-----w- c:\program files\Real
2010-06-25 15:54 . 2010-05-26 03:32 -------- d-----w- c:\documents and settings\PPSO88\Application Data\DivX
2010-06-14 14:31 . 2004-08-11 23:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 02:09 . 2010-05-30 11:00 -------- d-----w- c:\program files\Sierra Wireless
2010-06-02 06:40 . 2010-06-02 06:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 05:47 . 2010-06-02 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-02 05:01 . 2010-06-02 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2010-06-02 01:09 . 2007-04-14 01:31 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-05-30 10:58 . 2010-05-30 10:58 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Sierra Wireless
2010-05-27 03:29 . 2007-10-30 01:15 -------- d-----w- c:\program files\WinAce
2010-05-26 03:31 . 2010-05-26 03:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-26 03:31 . 2010-05-26 03:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-26 03:31 . 2010-05-26 03:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-26 03:31 . 2010-05-26 03:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-26 03:31 . 2010-05-26 03:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-26 03:31 . 2010-05-26 03:31 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-26 03:31 . 2010-05-26 03:31 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-16 01:26 . 2010-05-16 01:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-04 17:20 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-03-02 20:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2009-05-06 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-05-06 00:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-14 1877272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-25 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
backup=c:\windows\pss\Desktop Application Director 9.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^map.lnk]
backup=c:\windows\pss\map.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
registrybooster [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 22:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-13 03:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 10:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-25 17:09 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"8614:TCP"= 8614:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1820:TCP"= 1820:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3819:TCP"= 3819:TCP:Services
"9959:TCP"= 9959:TCP:Services
"4068:TCP"= 4068:TCP:Services
"9505:TCP"= 9505:TCP:Services
"6317:TCP"= 6317:TCP:Services
"8131:TCP"= 8131:TCP:Services
"3131:TCP"= 3131:TCP:Services
"9348:TCP"= 9348:TCP:Services
"8659:TCP"= 8659:TCP:Services
"8660:TCP"= 8660:TCP:Services
"1990:TCP"= 1990:TCP:Services
"2480:TCP"= 2480:TCP:Services
"3427:TCP"= 3427:TCP:Services
"5354:TCP"= 5354:TCP:Services
"9676:TCP"= 9676:TCP:Services
"9677:TCP"= 9677:TCP:Services
"8266:TCP"= 8266:TCP:Services
"8265:TCP"= 8265:TCP:Services
"6710:TCP"= 6710:TCP:Services
"6711:TCP"= 6711:TCP:Services
"5598:TCP"= 5598:TCP:Services
"9696:TCP"= 9696:TCP:Services
"2542:TCP"= 2542:TCP:Services
"3584:TCP"= 3584:TCP:Services
"6302:TCP"= 6302:TCP:Services
"6303:TCP"= 6303:TCP:Services
"6598:TCP"= 6598:TCP:Services
"6599:TCP"= 6599:TCP:Services
"4584:TCP"= 4584:TCP:Services
"7668:TCP"= 7668:TCP:Services
"8099:TCP"= 8099:TCP:Services
"8100:TCP"= 8100:TCP:Services
"4335:TCP"= 4335:TCP:Services
"7170:TCP"= 7170:TCP:Services
"6508:TCP"= 6508:TCP:Services
"6507:TCP"= 6507:TCP:Services
"7984:TCP"= 7984:TCP:Services
"4742:TCP"= 4742:TCP:Services
"9630:TCP"= 9630:TCP:Services
"9631:TCP"= 9631:TCP:Services
"4490:TCP"= 4490:TCP:Services
"7480:TCP"= 7480:TCP:Services
"8913:TCP"= 8913:TCP:Services
"8914:TCP"= 8914:TCP:Services
"3413:TCP"= 3413:TCP:Services
"5326:TCP"= 5326:TCP:Services
"5820:TCP"= 5820:TCP:Services
"5819:TCP"= 5819:TCP:Services
"6975:TCP"= 6975:TCP:Services
"6976:TCP"= 6976:TCP:Services
"7336:TCP"= 7336:TCP:Services
"7335:TCP"= 7335:TCP:Services
"6584:TCP"= 6584:TCP:Services
"6585:TCP"= 6585:TCP:Services
"9974:TCP"= 9974:TCP:Services
"9975:TCP"= 9975:TCP:Services
"9552:TCP"= 9552:TCP:Services
"9553:TCP"= 9553:TCP:Services
"5040:TCP"= 5040:TCP:Services
"8580:TCP"= 8580:TCP:Services
"6318:TCP"= 6318:TCP:Services
"6319:TCP"= 6319:TCP:Services
"7318:TCP"= 7318:TCP:Services
"7319:TCP"= 7319:TCP:Services
"3196:TCP"= 3196:TCP:Services
"2348:TCP"= 2348:TCP:Services
"7912:TCP"= 7912:TCP:Services
"7913:TCP"= 7913:TCP:Services
"4638:TCP"= 4638:TCP:Services
"3069:TCP"= 3069:TCP:Services
"3383:TCP"= 3383:TCP:Services
"5266:TCP"= 5266:TCP:Services
"8644:TCP"= 8644:TCP:Services
"8645:TCP"= 8645:TCP:Services
"7629:TCP"= 7629:TCP:Services
"7630:TCP"= 7630:TCP:Services
"6566:TCP"= 6566:TCP:Services
"6567:TCP"= 6567:TCP:Services
"3444:TCP"= 3444:TCP:Services
"5388:TCP"= 5388:TCP:Services
"9741:TCP"= 9741:TCP:Services
"9742:TCP"= 9742:TCP:Services
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"8069:TCP"= 8069:TCP:Services
"8070:TCP"= 8070:TCP:Services
"2888:TCP"= 2888:TCP:Services
"2194:TCP"= 2194:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/5/2010 2:02 AM 135336]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 5:04 PM 110984]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [11/23/2005 7:23 PM 80384]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 MotDev;Motorola Inc. USB Device; [x]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [3/24/2008 5:58 PM 899884]
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3473567101-1286528376-471160672-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3473567101-1286528376-471160672-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{31E80B77-D5EB-4B02-AE6A-0B4BF5752994}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\PPSO88\Application Data\Mozilla\Firefox\Profiles\nc6b34uq.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MPFExe - c:\program files\mcafee.com\personal firewall\MPfTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x863EF78A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dff28
\Driver\ACPI -> ACPI.sys @ 0xf7472cb8
\Driver\atapi -> ntkrnlpa.exe @ 0x8057c2df
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Intel(R) PRO/Wireless 2915ABG Network Connection -> SendCompleteHandler -> 0x86455b60
PacketIndicateHandler -> NDIS.sys @ 0xf72d6a21
SendHandler -> NDIS.sys @ 0xf72b487b
user & kernel MBR OK
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-07-19 22:19:00
ComboFix-quarantined-files.txt 2010-07-20 03:18
ComboFix2.txt 2010-02-26 07:57
ComboFix3.txt 2010-02-26 05:04
ComboFix4.txt 2007-09-17 05:08

Pre-Run: 26,605,989,888 bytes free
Post-Run: 26,635,599,872 bytes free

- - End Of File - - 510974A13C937A3385C96B7178D80095
 
ESET log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d9022f0ecf10254183ffd3be7b8b4eff
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-20 06:27:40
# local_time=2010-07-20 01:27:40 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 0 37748342 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134932
# found=1
# cleaned=0
# scan_time=5220
C:\Documents and Settings\HelpAssistant.PPSO-D1G5MW81.000\Local Settings\Temp\plugtmp-2\plugin-pdf0x1.php JS/Exploit.Pdfka.OBK.Gen trojan 00000000000000000000000000000000 I
 
Avira log

Avira AntiVir Personal
Report file date: Monday, July 19, 2010 00:56

Scanning for 2360683 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : John
Computer name : PPSO-D1G5MW81

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:11:46
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:12:02
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 07:12:05
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 07:12:06
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 07:12:09
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 07:12:11
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 07:12:13
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 07:12:16
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 07:12:19
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 07:12:26
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 07:12:29
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 07:12:33
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 07:12:38
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 07:12:41
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 07:12:44
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 08:15:00
VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:21:38
VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:21:42
VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 14:58:44
VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 19:03:48
VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 19:03:30
VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 19:03:30
VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 19:03:30
VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 19:03:30
VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 19:03:31
VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 19:03:31
VBASE031.VDF : 7.10.9.109 144896 Bytes 7/18/2010 05:48:48
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 07:14:11
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 19:03:47
AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 07:14:03
AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 07:14:14
AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 07:14:01
AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 19:03:39
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/8/2010 23:21:52
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 07:13:52
AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 07:13:43
AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 19:03:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 07:13:37
AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 19:03:33
AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 07:13:32
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

Start of the scan: Monday, July 19, 2010 00:56

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{i81a067bde7db239c}
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{081a067bde7db239c}
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'msdtc.exe' - '43' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '48' Module(s) have been scanned
Scan process 'vssvc.exe' - '51' Module(s) have been scanned
Scan process 'avcenter.exe' - '98' Module(s) have been scanned
Scan process 'RegistryBooster.exe' - '42' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'realsched.exe' - '34' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'jusched.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '56' Module(s) have been scanned
Scan process 'alg.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '101' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'NICCONFIGSVC.exe' - '46' Module(s) have been scanned
Scan process 'MDM.EXE' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'Iap.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '70' Module(s) have been scanned
Scan process 'winlogon.exe' - '78' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1867' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Monday, July 19, 2010 02:12
Used time: 1:15:51 Hour(s)

The scan has been done completely.

13754 Scanned directories
415191 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
415191 Files not concerned
4605 Archives were scanned
0 Warnings
0 Notes
925494 Objects were scanned with rootkit scan
2 Hidden objects were found
 
 
Okay, sorry for the misunderstanding- I didn't mean for you to repost the logs pasted in. But let's do some cleaning up.
Multiple AV programs:
You have processes for Avira, Norton and McAfee loading. I see where you removed the McAfee firewall, but an entry remains. I can move this in the script I write for Combofix. For Norton, I recommend you run Norton Removal Tool. I also see BitDefender, so let's get a security check:

Download Security Check and save it to your Desktop.
  • Double-click SecurityCheck.exe to run.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.

I will need GMER as Combofix shows Rootkit malware but not what or where.

I don't need any more Avira scans so you can't delete those logs if you want. I will have you run an online scan.

I will wait on the Combofix script until I get the Security log and the GMER log.

EDIT: I recommend you uninstall the Uniblue Registry cleaner. Most of us don't recommend Registry cleaners. If you decide to keep it, please disable it while I'm helping you.
 
Update on blue screen error

I got the error today and the technical information was "***STOP: 0X0000008E (0XC0000005, 0X805B63AD, 0XB80C796C, 0X00000000)"

I will run the requested programs and post the logs shortly.

Thanks again for your help,
John
 
Security Check log

I ran the Norton uninstall prior to running Security Check.


Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

``````````End of Log````````````
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-21 21:47:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PPSO88\LOCALS~1\Temp\uwtyrpod.sys


---- System - GMER 1.0.15 ----

SSDT F7BA30D4 ZwCreateThread
SSDT F7BA30C0 ZwOpenProcess
SSDT F7BA30C5 ZwOpenThread

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6274A80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01D9B9BB
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D9B558
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01D9B86D
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01D9B639
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01D9B70C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0123B9BB
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0123B558
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0123B86D
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0123B639
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0123B70C
.text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007DB9BB
.text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007DB558
.text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007DB86D
.text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007DB639
.text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007DB70C
.text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C2B9BB
.text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C2B558
.text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C2B86D
.text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C2B639
.text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C2B70C
.text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BDB9BB
.text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BDB558
.text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BDB86D
.text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BDB639
.text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BDB70C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0199B9BB
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0199B558
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0199B86D
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0199B639
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0199B70C
.text C:\WINDOWS\system32\winlogon.exe[1352] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 015B2946
.text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015BB9BB
.text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015BB558
.text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015BB86D
.text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015BB639
.text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015BB70C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0093B9BB
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0093B558
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0093B86D
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0093B639
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0093B70C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011FB9BB
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011FB558
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011FB86D
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011FB639
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011FB70C
.text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0152B9BB
.text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0152B558
.text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0152B86D
.text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0152B639
.text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0152B70C
.text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 01522758
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0161B9BB
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0161B558
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0161B86D
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0161B639
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0161B70C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E3B9BB
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3B558
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E3B86D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E3B639
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E3B70C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 018DB9BB
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!send 71AB4C27 5 Bytes JMP 018DB558
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 018DB86D
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!recv 71AB676F 5 Bytes JMP 018DB639
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 018DB70C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013CB9BB
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013CB558
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013CB86D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013CB639
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013CB70C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013FB9BB
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013FB558
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013FB86D
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013FB639
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013FB70C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01F7B9BB
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F7B558
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01F7B86D
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01F7B639
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01F7B70C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F1B9BB
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F1B558
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F1B86D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F1B639
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F1B70C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\cdudf_xp \Device\CdUdf_XP DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device B6E3ED20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
 
Will be back on August 2, 2010

I will be out of town and will not have access to this PC until August 2, 2010. Please post the next instructions and I will follow them as soon as I return and post the results.
Thanks for your help.
John
 
John, I am going to close this thread for now, so no one else posts on it. When you get back, send me a PM and I will reopen the thread.

Please don't keep running other cleaning programs. I now see OTL on the list.
1. I will make sure you have only 1 antivirus.
2. The time and possibly the date on the system might not be correct.
3. You have LimeWire on startup. That will have to stop for now.
4. You have the Uniblue Registry Booster and 'Tweaker' running. Both need to be disabled for now.
5. You have a malware infection that indicates a Bootkit or Rootkit virus. This might be related to the entry found in the Eset scan. That will require special programs.

Temporary close of thread until 8/2/2010

Remind me that this URL is: https://www.techspot.com/vb/topic150294.html#post910135
 