Hello everyone. I am supporting a friend remotely, and I was previously working on this issue with Bobby, but the user did decide to run a scan on their own, which conflicted with the rules.
I've told them that if they do so again, they will NOT be assisted and they have agreed to not touch the unit.
That being said, I'd like to begin the cleansing process if allowed...
Logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4526
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
9/1/2010 19:20:34
mbam-log-2010-09-01 (19-20-34).txt
Scan type: Quick scan
Objects scanned: 137172
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-01 19:27:42
Windows 6.0.6001 Service Pack 1
Running: w87l01ws.exe; Driver: C:\Users\Chris\AppData\Local\Temp\ufldapoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E3A7B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E3A79C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E3A7AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
==
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Chris at 19:45:16.49 on Wed 09/01/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1637 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\mri_di~1\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\l8k0id2p.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-17 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-17 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-17 50256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-25 99248]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-24 304464]
S2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-8-24 1590216]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-24 20952]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-8-24 12096]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
=============== Created Last 30 ================
2010-08-30 04:42:17 0 d-----w- C:\$RECYCLE.BIN
2010-08-28 16:57:45 0 d-----w- c:\users\chris\appdata\roaming\Webroot
2010-08-28 16:24:14 82 ----a-w- c:\windows\qawin32.INI
2010-08-28 14:24:01 0 d-----w- c:\programdata\Sun
2010-08-28 14:23:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 13:47:41 0 d-----w- c:\program files\Windows Installer Clean Up
2010-08-28 13:47:34 0 d-----w- c:\program files\MSECACHE
2010-08-28 12:17:38 0 d-----w- c:\program files\JDownloader
2010-08-25 04:51:39 0 d-----w- c:\program files\ESET
2010-08-25 04:48:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 04:48:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 04:48:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 04:27:59 23872 ----a-w- c:\windows\system32\mv2.dll
2010-08-25 04:27:59 12096 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-08-25 04:27:51 0 d-----w- c:\program files\UltraVNC
2010-08-18 12:21:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-18 11:57:06 0 d-----w- c:\programdata\Lavasoft
2010-08-18 11:57:06 0 d-----w- c:\program files\Lavasoft
2010-08-18 05:18:36 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-18 05:18:11 38848 ----a-w- c:\windows\avastSS.scr
2010-08-18 05:18:08 0 d-----w- c:\programdata\Alwil Software
2010-08-17 02:40:56 0 d-----w- c:\program files\roguescanfix
2010-08-17 02:32:07 0 d-----w- c:\windows\LMI7445.tmp
2010-08-17 02:27:38 0 d-----w- c:\program files\Trend Micro
2010-08-15 17:01:06 0 d-----w- c:\users\chris\appdata\roaming\TeamViewer
2010-08-15 15:49:02 0 d-----w- c:\users\chris\appdata\roaming\PCToolsFirewallPlus
2010-08-15 15:49:01 0 d-----w- c:\users\chris\appdata\roaming\Spam Monitor
2010-08-15 14:44:08 0 d-----w- c:\programdata\PC Tools
2010-08-15 14:44:08 0 d-----w- c:\program files\PC Tools Internet Security
2010-08-15 14:43:38 0 d-----w- c:\users\chris\appdata\roaming\Swhst
2010-08-15 14:09:02 798 ---ha-w- C:\IPH.PH
2010-08-15 14:09:02 0 d-----w- C:\TEMP
2010-08-15 14:01:16 0 d-----w- c:\program files\common files\PC Tools
2010-08-15 14:01:14 0 d---a-w- c:\programdata\TEMP
2010-08-15 13:11:46 4213696 ----a-w- C:\ExterminateIt.exe
2010-08-15 07:16:34 0 d-----w- c:\program files\Exterminate It!
2010-08-15 06:51:29 226688 ----a-w- C:\BdUninstallTool2010.08.14-11.51.29.reg
2010-08-15 04:22:02 0 d-----w- c:\users\chris\appdata\roaming\QuickScan
2010-08-14 22:56:26 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-10 03:34:33 15892480 ----a-w- C:\Ad-AwareInstall.exe
2010-08-10 03:03:53 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-10 03:03:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-10 02:44:19 16409960 ----a-w- C:\spybotsd162.exe
2010-08-10 02:12:38 35 ----a-w- c:\users\chris\appdata\roaming\SetValue.bat
2010-08-10 02:12:37 691 ----a-w- c:\users\chris\appdata\roaming\GetValue.vbs
2010-08-09 23:56:45 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2010-08-09 23:56:27 0 d-----w- c:\programdata\Malwarebytes
2010-08-09 23:50:12 0 d-----w- c:\program files\TeamViewer
2010-08-03 22:46:16 221300608 ----a-w- c:\windows\MEMORY.DMP
==================== Find3M ====================
2010-08-31 16:10:00 4022 ----a-w- c:\users\chris\appdata\roaming\wklnhst.dat
2010-08-25 04:28:06 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-25 04:28:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-25 04:28:05 86016 ----a-w- c:\windows\inf\infstor.dat
2008-08-03 09:44:02 174 --sha-w- c:\program files\desktop.ini
2008-08-03 09:31:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-01 06:44:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-01 06:44:18 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-01 06:44:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-01-15 06:45:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-15 06:45:41 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-15 06:45:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 19:46:17.53 ===============
==
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2007 12:27:24
System Uptime: 9/1/2010 19:36:25 (0 hours ago)
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1599/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 288 GiB total, 216.985 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.524 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
BlackBerry Desktop Software 4.5
Bonjour
Chicago Blackhawks Desktop Communicator
Digital Media Reader
ESET Online Scanner v3
Exterminate It!
FUJIFILM FinePixViewer S Ver.2.1
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
JDownloader
Lexmark 2500 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MobileMe Control Panel
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
Power2Go 5.0
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Smart Menus (Windows Live Toolbar)
Spare Backup
TeamViewer 5
Tradewinds
UltraVNC 1.0.8.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
==== End Of File ===========================