Rogue Malware, Permission popups after spoof Firefox/Flash Update

Inactive
By brentjonas
Oct 28, 2010
Topic Status:
Not open for further replies.
  1. On October 26, I was fooled by the Firefox/Flash update - Rogue malware. I unfortunately did not find this site until today. I ran MBAM initially on October 26, and I've included that report below for reference purposes. Today I've done the 8/6 steps and have the required log files. The main problem now is at startup & on launch of programs (Firefox mainly, but others as well), I get the Windows "you do not have approriate permissions" popup, but then the program will (slowly) start. Also, I'm still getting the redirect when I do Google searches. I've had about enough and I hope you guys can please help.

    Initial MBAM from 10/26:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4954

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/26/2010 4:50:49 PM
    mbam-log-2010-10-26 (16-50-49).txt

    Scan type: Quick scan
    Objects scanned: 157712
    Time elapsed: 21 minute(s), 18 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    C:\Documents and Settings\Brent\Local Settings\Temp\Mxx.exe (Rootkit.TDSS) -> Unloaded process successfully.
    C:\WINDOWS\Mqowia.exe (Rootkit.TDSS) -> Unloaded process successfully.
    C:\Documents and Settings\Brent\Local Settings\Temp\Mxy.exe (Rootkit.TDSS) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Brent\Local Settings\Temp\Mxx.exe (Rootkit.TDSS) -> Delete on reboot.
    C:\WINDOWS\Mqowia.exe (Rootkit.TDSS) -> Delete on reboot.
    C:\Documents and Settings\Brent\Local Settings\Temp\Mxy.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brent\My Documents\downloads\firefox-update(2).exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brent\My Documents\downloads\firefox-update.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brent\Local Settings\Temp\Mxw.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    ==

    MBAM Log from today 10/28/10:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4974

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/28/2010 9:57:32 AM
    mbam-log-2010-10-28 (09-57-32).txt

    Scan type: Quick scan
    Objects scanned: 155570
    Time elapsed: 13 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ====================================

    GMER log:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-28 14:31:23
    Windows 5.1.2600 Service Pack 3
    Running: 93uvnnpu.exe; Driver: C:\DOCUME~1\Brent\LOCALS~1\Temp\ugriqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xA87D2620]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS The system cannot find the file specified. !
    ? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e dvd43llh.sys (dvd43llh.sys/RIF)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1112] 0x10000000

    ---- EOF - GMER 1.0.15 ----

    DDS.txt:


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Brent at 14:36:24.06 on Thu 10/28/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1317 [GMT -4:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\RMClient\PMClient.exe
    C:\Documents and Settings\Brent\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    I:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ctarmls.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070508
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070508
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: Telephony Toolbar Services: {431a60e6-675f-4b9f-b3f0-66e0fecc8b34} - c:\program files\windstream\windstream assistant enterprise\bin\BW_Assistant_Enterprise_IE_S.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    BHO: Telephony Toolbar Call Control: {8f1ff1a7-c048-4d6b-b052-56e42ce427cb} - c:\program files\windstream\windstream assistant enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll
    BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Telephony Toolbar Call Control: {6f6690b9-c5db-4f08-8833-f2ef4dee956b} - c:\program files\windstream\windstream assistant enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll
    TB: Telephony Toolbar Services: {f10d927f-d3df-4734-98ab-dd258253f5fd} - c:\program files\windstream\windstream assistant enterprise\bin\BW_Assistant_Enterprise_IE_S.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [BuildBU] c:\dell\bldbubg.exe
    mRun: [JobHisInit] c:\program files\rmclient\JobHisInit.exe
    mRun: [MplSetUp] c:\program files\rmclient\MplSetUp.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRunOnce: [InstallShieldSetup] "c:\program files\installshield installation information\{c4a4722e-79f9-417c-bd72-8d359a090c97}\setup.exe" -reboot"c:\program files\installshield installation information\{c4a4722e-79f9-417c-bd72-8d359a090c97}\reboot.ini"
    mRunOnce: [Malwarebytes' Anti-Malware] i:\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\brent\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\brent\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\iogear\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartn~1.lnk - c:\program files\rmclient\PMClient.exe
    IE: &Dial - c:\program files\windstream\windstream assistant enterprise\conf\dialIE.htm
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\brent\application data\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\brent\application data\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Send To &Bluetooth - c:\program files\iogear\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} - hxxp://www.crsdata.net/CRSDataObject/CRSNInfo.cab
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://imgweb.charlestoncounty.org/appnet/activex/OBXWebSelect.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182866310795
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://imgweb.charlestoncounty.org/AppNet/activex/OBXPopup.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://imgweb.charlestoncounty.org/appnet/activex/OBXWebViewer.cab
    TCP: {F2F06B99-4D23-426C-BF2C-4664DDE16D2A} = 64.89.70.2
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\brent\applic~1\mozilla\firefox\profiles\ngqkmdmk.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.cnn.com
    FF - component: c:\documents and settings\brent\application data\mozilla\firefox\profiles\ngqkmdmk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - component: c:\documents and settings\brent\application data\mozilla\firefox\profiles\ngqkmdmk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\documents and settings\brent\application data\mozilla\firefox\profiles\ngqkmdmk.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - plugin: c:\documents and settings\brent\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\brent\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\brent\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\brent\application data\mozilla\firefox\profiles\ngqkmdmk.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\brent\application data\mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-2-28 18944]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-6-8 3712]
    RUnknown SASDIFSV;SASDIFSV; [x]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c98617833a5597;Google Update Service (gupdate1c98617833a5597);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-18 30192]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-9 14424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-28 13:42:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 13:42:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-27 18:55:02 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2010-10-27 18:55:02 -------- d-----w- c:\program files\Belarc
    2010-10-27 15:33:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Softland
    2010-10-27 15:32:00 -------- d-----w- c:\program files\Softland
    2010-10-27 15:32:00 -------- d-----w- c:\docume~1\brent\applic~1\Softland
    2010-10-27 15:28:56 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{29d2b6b5-ba35-4532-8626-66d53244e938}\mpengine.dll
    2010-10-27 13:05:54 40960 ----a-r- c:\docume~1\brent\applic~1\microsoft\installer\{0ab76f69-e761-4cfa-b9b0-a1906b4e9e4b}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2010-10-27 13:05:53 -------- d-----w- c:\program files\Western Digital Technologies
    2010-10-27 13:02:29 -------- d-----w- c:\windows\system32\NtmsData
    2010-10-27 13:01:28 -------- d-----w- c:\docume~1\brent\locals~1\applic~1\MigWiz
    2010-10-27 02:10:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-26 20:27:41 -------- d-----w- c:\docume~1\brent\applic~1\Malwarebytes
    2010-10-26 20:27:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-26 20:15:54 103424 --sha-r- c:\windows\system32\hptcpmui0.dll
    2010-10-13 12:23:46 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 12:23:46 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 12:23:30 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-12 18:31:44 -------- d-----w- c:\program files\TweetDeck
    2010-09-30 14:31:57 -------- d-----w- c:\program files\iPod
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-09-30 14:27:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-09-28 20:35:23 -------- d-----w- c:\docume~1\brent\applic~1\BroadSoft
    2010-09-28 20:34:53 -------- d-----w- c:\program files\Windstream

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-09 22:39:14 2826240 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 14:36:41.20 ===============

    =============================================

    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/11/2007 11:25:08 AM
    System Uptime: 10/28/2010 9:31:06 AM (5 hours ago)

    Motherboard: Dell Inc. | | 0KD882
    Processor: Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz | Microprocessor | 1728/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 69 GiB total, 24.081 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 149 GiB total, 30.96 GiB free.
    I: is FIXED (FAT32) - 6 GiB total, 3.772 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1390 WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
    Manufacturer: Broadcom
    Name: Dell Wireless 1390 WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
    Service: BCM43XX

    ==== System Restore Points ===================

    RP1: 10/26/2010 4:53:50 PM - System Checkpoint
    RP2: 10/26/2010 10:37:15 PM - Revo Uninstaller's restore point - MP3MyMP3 3.0
    RP3: 10/27/2010 9:53:27 AM - Revo Uninstaller's restore point - RocketDock 1.3.5
    RP4: 10/27/2010 11:28:53 AM - Software Distribution Service 3.0
    RP5: 10/28/2010 9:32:33 AM - Revo Uninstaller's restore point - SUPERAntiSpyware
    RP6: 10/28/2010 9:34:50 AM - Revo Uninstaller's restore point - Samsung PC Studio 3
    RP7: 10/28/2010 9:35:07 AM - Removed Samsung PC Studio 3
    RP8: 10/28/2010 9:39:21 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

    ==== Installed Programs ======================


    ĀµTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    aiofw
    aioocr
    aioprnt
    aioscnnr
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.12 (Unicode)
    AutocompletePro
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
    Autodesk MapGuide(R) Viewer Plug-In Release 6.5
    AX88772_2KXP
    Belarc Advisor 8.1
    Bonjour
    Broadcom Management Programs
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 3.0
    Canon MP560 series MP Drivers
    Canon MP560 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    CDDRV_Installer
    center
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Paint Shop Pro X
    Dell Wireless WLAN Card
    Digital Photography Winter Fun Pack
    Dropbox
    DVD Flick 1.3.0.7
    DVD Shrink 3.2
    DVD43 v4.6.0
    DVDVideoSoftTB Toolbar
    eSupportQFolder
    FBackup 4
    ffdshow [rev 1685] [2007-12-06]
    Foxit PDF IFilter
    Foxit Reader
    FoxyTunes for Firefox
    Free Audio CD Burner version 1.4
    Free Audio Dub version 1.2
    Free DVD Video Burner version 2.3
    Free DVD Video Converter version 1.4
    Free DWG Viewer 6.2
    Free Mp3 Wma Ogg Converter 7.1.1
    Free PDF to Word Doc Converter v1.1
    Free Studio version 4.6
    Free Video Dub version 1.2
    Free Video Flip and Rotate version 1.4
    Free Video to DVD Converter version 1.5
    Free Video to Mp3 Converter version 2.8
    Free YouTube to iPod Converter version 2.8
    Free YouTube to MP3 Converter version 3.8
    Freemake Video Converter version 1.1.7
    Google Chrome
    Google Desktop
    Google Earth
    Google Update Helper
    Google Updater
    Handbrake 0.9.4
    Help_CTR
    helptut
    helpug
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    HP Photo and Imaging 2.3 - Scanjet 4600 Series
    HP Product Assistant
    HP Solution Center and Imaging Support Tools 6.0
    HP Update
    HPProductAssistant
    Image Resizer Powertoy for Windows XP
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    IOGEAR Bluetooth Software
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java Forms Viewer
    Java(TM) 6 Update 2
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    KhalInstallWrapper
    KODAK All-in-One Printer Software
    ksdip
    Logitech Desktop Messenger
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    MediaDirect
    meta-iPod, the iTunes Cleaner 1.8
    MFC RunTime files
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft MapPoint North America 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Modem Helper
    Move Media Player
    Moyea FLV Downloader version 1.15.0.15
    Moyea FLV Player version 1.5.2.7
    Moyea FLV to Video Converter Pro version 1.29.2.11
    Mozilla Firefox (3.6.11)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyPublisher
    netbrdg
    Octoshape add-in for Adobe Flash Player
    office Convert Pdf to Jpg Jpeg Tiff Free 6.4
    Orbit Downloader
    Palm Desktop
    PeerBlock 1.0.0 (r181)
    Picasa 3
    PocketMirror 3.1.3 (Standard Edition)
    PowerCinema NE for Everio
    PowerDirector Express
    PowerProducer
    PrimoPDF
    QuickSet
    QuickTime
    Revo Uninstaller 1.90
    Rio Internet Update
    Rio Music Manager
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Sentrilock Card Utility
    SFR
    SmartNetMonitor for Client
    SnagIt 7
    SolutionCenter
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    StreamTransport version: 1.0.2.1700
    Synaptics Pointing Device Driver
    TweetDeck
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Veetle TV 0.9.18
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.0
    WD Diagnostics
    WebFldrs XP
    WebReg
    Winamp
    WinDirStat 1.1.2
    Windows Defender
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    Windstream Assistant - Enterprise 16 (16.0.178.1) RC
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    10/28/2010 9:03:36 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The Kodak AiO Device Service service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 9:03:35 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    10/28/2010 9:03:35 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/28/2010 11:13:12 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    10/28/2010 11:08:43 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/27/2010 8:56:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Lbd MpFilter SASDIFSV SASKUTIL StarOpen
    10/27/2010 8:10:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/27/2010 8:09:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/27/2010 8:08:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec Lbd MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip
    10/27/2010 8:08:43 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/27/2010 8:08:43 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/27/2010 8:08:43 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/27/2010 8:08:43 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/27/2010 8:08:43 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/27/2010 5:23:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV BANTExt Fips intelppm Lbd MpFilter SASDIFSV SASKUTIL StarOpen
    10/27/2010 12:18:35 AM, error: BTWUSB [43] -
    10/26/2010 9:18:06 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    10/26/2010 5:30:11 PM, error: RemoteAccess [20106] - Unable to add the interface {3166BB0A-89CD-43CD-AFE7-25D1D3B14DF7} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
    10/26/2010 5:30:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    10/26/2010 5:29:31 PM, error: NETLOGON [5719] - No Domain Controller is available for domain RAVENEL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    10/26/2010 5:29:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 00197DD92CE7 has been denied by the DHCP server 74.223.186.96 (The DHCP Server sent a DHCPNACK message).
    10/26/2010 5:28:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.112 for the Network Card with network address 0050B640F0CA has been denied by the DHCP server 74.223.186.96 (The DHCP Server sent a DHCPNACK message).
    10/26/2010 5:27:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/26/2010 5:18:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Lbd MpFilter StarOpen
    10/26/2010 5:18:01 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2010 10:38:27 AM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    10/25/2010 7:47:07 AM, error: Dhcp [1002] - The IP address lease 192.168.10.6 for the Network Card with network address 00197DD92CE7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    10/22/2010 7:35:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 00197DD92CE7 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
    c:\windows\system32\drivers\lbd.sys 
    Extra::
    Firefox::
    Firefox-:- Profile - c:\docume~1\brent\applic~1\mozilla\firefox\profiles\ngqkmdmk.default\
    
    DDS::
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    
    Folder::
    
    Registry::
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    
    Driver::
    SASDIFSV
    SASKUTIL
    Lbd
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    You might want to consider removing or disabling some of these processes so that there is one of each running. Better each, take all off of startup because none need to start on boot f run in the background/

    Cleaners:
    Revo Uninstaller 1.90
    CCleaner


    Pronters, scanners or AIO:
    Canon Utilities My Printer
    HP Photo and Imaging 2.3 - Scanjet 4600 Series
    HP Product Assistant
    HP Solution Center and Imaging Support Tools 6.0
    KODAK All-in-One Printer Software
    LexBce Server
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.