
Cannot access internet due to virus or malware
#46
Posted 22 May 2011 - 04:36 PM
#47
Posted 23 May 2011 - 03:13 AM
Let's give this tool a try.
Download WinsockXPFix and transfer it to the affected computer's desktop.
Double click the file to run it
- Click the ReG-Backup button to create a registry backup
- Save the backup to a folder you can locate
- After the backup is finished click the Fix button
- Click yes to apply the fix
- Click yes when asked to reboot
Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#48
Posted 23 May 2011 - 09:39 AM
#49
Posted 23 May 2011 - 02:09 PM
Let's see if we can get OTL to run. There may have been a problem with the copy you had before. Delete the copy you have from the computer's desktop (we renamed it explorer.exe). Download a new copy from OTL
Post the log if one is produced.
#50
Posted 23 May 2011 - 03:05 PM
#51
Posted 23 May 2011 - 07:23 PM
Rename it to DDS.scr. If it still won't run, try running it in Safe Mode.
#52
Posted 23 May 2011 - 10:11 PM
#53
Posted 25 May 2011 - 06:30 AM
#54
Posted 25 May 2011 - 03:11 PM
#55
Posted 25 May 2011 - 07:01 PM
It's possible you are still infected.
Download and transfer these 2 programs to the infected computer's desktop.
Download aswMBR.exe ( 511KB ).
Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE.
On the infected computer
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
GMER
Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
- Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
If GMER will not run in normal Windows, please run it in Safe Mode.
Please post back with
- aswMBR log
- GMER log
- MBR.dat (attached)
#56
Posted 28 May 2011 - 12:29 PM
#57
Posted 31 May 2011 - 07:04 PM
Run date: 2011-05-26 15:12:05
-----------------------------
15:12:05.328 OS Version: Windows 5.1.2600 Service Pack 2
15:12:05.328 Number of processors: 4 586 0x170A
15:12:05.328 ComputerName: MIXER UserName:
15:12:06.468 Initialize success
15:12:23.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
15:12:23.609 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
15:12:23.609 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
15:12:23.609 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
15:12:23.625 Disk 0 MBR read successfully
15:12:23.625 Disk 0 MBR scan
15:12:23.625 Disk 0 Windows XP default MBR code
15:12:23.625 Disk 0 scanning sectors +1250258625
15:12:23.656 Disk 0 scanning C:\windows\system32\drivers
15:12:31.187 Service scanning
15:12:32.187 Disk 0 trace - called modules:
15:12:32.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
15:12:32.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3d56d8]
15:12:32.187 3 CLASSPNP.SYS[b810905b] -> nt!IofCallDriver -> \Device\000000b3[0x8b42b880]
15:12:32.203 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8b3d7a38]
15:12:32.203 Scan finished successfully
15:12:55.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DJ Dash\Desktop\MBR.dat"
15:12:55.609 The log file has been saved successfully to "C:\Documents and Settings\DJ Dash\Desktop\aswMBR.txt"
15:13:07.031 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
15:13:07.046 The log file has been saved successfully to "H:\aswMBR.txt"
When I tried running the other test to get the GMER log results, it kept crashing, so I ran each one you asked for by itself. The only one I could not get was the Files section. If some sections are missing, it's because they had a zero outcome. So here are the GMER logs.
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 00:58:55
Windows 5.1.2600 Service Pack 2
Running: gb937c9l.exe; Driver: C:\DOCUME~1\DJDASH~1\LOCALS~1\Temp\kxtdypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 01:11:15
Windows 5.1.2600 Service Pack 2
Running: gb937c9l.exe; Driver: C:\DOCUME~1\DJDASH~1\LOCALS~1\Temp\kxtdypow.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0x01 0xC0 0x66 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027205d7da
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0xB0 0x18 0xE7 0x6C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027205d7da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0xB0 0x18 0xE7 0x6C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam@ MIXER
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache@LangID 0x09 0x04
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%windir%\System32\ieframe.dll.mui,-12385 Favorites Bar
Reg HKLM\SOFTWARE\Classes\.wll@ Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll@NoOpen
Reg HKLM\SOFTWARE\Classes\.wll\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.wll\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 02:22:26
Windows 5.1.2600 Service Pack 2
Running: gb937c9l.exe; Driver: C:\DOCUME~1\DJDASH~1\LOCALS~1\Temp\kxtdypow.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0x01 0xC0 0x66 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027205d7da
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0xB0 0x18 0xE7 0x6C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027205d7da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411@00027205d7da 0xC3 0xA0 0xA2 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761e20411@000761e674ba 0xB0 0x18 0xE7 0x6C ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam@ MIXER
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache@LangID 0x09 0x04
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1645522239-725345543-1028\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%windir%\System32\ieframe.dll.mui,-12385 Favorites Bar
Reg HKLM\SOFTWARE\Classes\.wll@ Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll@NoOpen
Reg HKLM\SOFTWARE\Classes\.wll\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.wll\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew
---- EOF - GMER 1.0.15 ----
I tried to attach the mbr.dat file but it will not allow me.
Thanks!!!!
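The GMER instructions in #55 and the three separate GMER runs posted in #57 (one section per run, because the full scan kept crashing) are easier to review with a small parser that splits each log into its sections, merges several partial runs into one view, and sorts AttachedDevice entries into those that carry a vendor attribution, those that do not, and those GMER itself marked "<--- ROOTKIT". This is an added Python example, not a tool from the thread or from GMER's authors; the sample logs, driver names, run name and vendor strings in it are constructed to mirror the GMER 1.0.15 layout and are not taken from the poster's machine.

```python
import re

# Constructed sample logs in the layout GMER 1.0.15 prints (section banners,
# then one finding per line). Driver names, vendor strings and the run name
# are made up for illustration; they are not taken from a real machine.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 00:58:55
Windows 5.1.2600 Service Pack 2
Running: abc123.exe; Driver: C:\DOCUME~1\USER~1\LOCALS~1\Temp\xyz.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapshot.sys (Example Snapshot Driver/Example Corp)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 unknowndrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp hidden.sys                       <--- ROOTKIT
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\.wll@ Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll\PersistentHandler
---- EOF - GMER 1.0.15 ----
"""

# A second (constructed) partial run of the same machine, registry section
# only, as happens when GMER is run one section at a time.
SAMPLE_GMER_LOG_2 = r"""GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 01:11:15
Windows 5.1.2600 Service Pack 2
Running: abc123.exe; Driver: C:\DOCUME~1\USER~1\LOCALS~1\Temp\xyz.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\.wll@ Word.Addin.8
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1
---- EOF - GMER 1.0.15 ----
"""

# Section banner, e.g. "---- Devices - GMER 1.0.15 ----" (EOF uses the same shape).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# AttachedDevice <driver object> <device object> <filter driver> [(vendor string)]
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<target>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+"
    r"(?P<driver>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
ROOTKIT_MARK = "<--- ROOTKIT"


def parse_gmer_log(text):
    """Split one GMER log into {section name: [finding lines]}.

    Lines before the first banner (version, scan time, OS, running driver)
    are kept under "Header"; nothing after the EOF banner is kept.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            if current != "EOF":
                sections.setdefault(current, [])
            continue
        if current == "EOF":
            continue
        sections[current].append(line)
    return sections


def merge_logs(*texts):
    """Merge several partial runs into one section map, dropping duplicate lines."""
    merged = {}
    for text in texts:
        for name, lines in parse_gmer_log(text).items():
            bucket = merged.setdefault(name, [])
            for line in lines:
                if line not in bucket:
                    bucket.append(line)
    return merged


def triage_devices(sections):
    """Sort AttachedDevice findings into attributed / unattributed / flagged.

    Only sorts; per the caution in the thread, flagged entries are reported
    to the helper, not acted on.
    """
    result = {"attributed": [], "unattributed": [], "flagged": []}
    for line in sections.get("Devices", []):
        flagged = ROOTKIT_MARK in line
        body = line.split("<---")[0].rstrip()
        m = ATTACHED_RE.match(body)
        if not m:
            continue
        entry = {"stack": m.group("target"), "device": m.group("device"),
                 "driver": m.group("driver"), "vendor": m.group("vendor")}
        if flagged:
            result["flagged"].append(entry)
        elif entry["vendor"]:
            result["attributed"].append(entry)
        else:
            result["unattributed"].append(entry)
    return result


if __name__ == "__main__":
    merged = merge_logs(SAMPLE_GMER_LOG, SAMPLE_GMER_LOG_2)
    for name, lines in merged.items():
        print(f"{name}: {len(lines)} line(s)")
    for bucket, entries in triage_devices(merged).items():
        for e in entries:
            print(f"  [{bucket}] {e['driver']} on {e['device']} "
                  f"({e['vendor'] or 'no vendor string'})")
```

On the logs in #57 this would put the Paragon and Acronis filter drivers in the attributed bucket, which is the normal result for backup and partitioning software; an AttachedDevice entry with no vendor string, or one GMER flags, is the kind of line worth pointing out to the helper rather than something to remove on sight.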
#58
Posted 01 June 2011 - 03:16 PM
"I tried to attach the mbr.dat file but it will not allow me."
There may be a problem with the forum at the moment. You have a copy on your H:\ drive. Hang onto it as a backup for now.
Please read through these instructions to familiarize yourself with what to expect when this tool runs.
Download this version of the Recovery Console: Pro
Download ComboFix from one of these locations:
Link 1
Link 2
Transfer both files directly to the infected computer's desktop.
Disable any security programs you have installed.
With your left mouse button, drag the file onto the ComboFix icon as shown below. This will start ComboFix, so don't do anything else.

Once the Recovery Console is installed, click Yes to continue the scan.
Please post back with the combofix log.
Thanks
#59
Posted 01 June 2011 - 04:38 PM
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2287 [GMT -5:00]
Running from: c:\documents and settings\DJ Dash\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DJ Dash\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-05-30 22:59 . 2011-05-31 09:49 -------- d-----w- c:\documents and settings\DJ Dash\Application Data\Easy Duplicate Finder
2011-05-30 14:42 . 2011-05-30 14:42 -------- d-----w- c:\documents and settings\DJ Dash\Application Data\Vistanita
2011-05-23 13:20 . 2011-05-23 13:20 -------- d-----w- C:\winsock5
2011-05-09 15:48 . 2011-05-09 15:48 -------- d-----w- c:\program files\Adolix
2011-05-09 15:48 . 2010-08-13 18:04 2082816 ----a-w- c:\windows\system32\QuickPDFAX0721.dll
2011-05-09 15:42 . 2011-05-09 15:42 -------- d-----w- c:\program files\A-PDF Split
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 00:24 . 2011-04-15 00:24 388096 ----a-r- c:\documents and settings\DJ Dash\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-23 22:37 . 2009-09-08 10:57 164880 ---ha-w- c:\documents and settings\DJ Dash\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-11-03 09:05 . 2009-05-08 23:04 4987136 ----a-w- c:\program files\Common Files\lpuninstall.exe
2009-06-09 09:06 . 2009-06-09 09:06 1589760 -c--a-w- c:\program files\Abander_TagControl.exe
2010-11-30 00:40 . 2010-11-24 02:14 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-11-30 00:40 . 2010-11-24 02:14 444216 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-11-24 02:14 . 2010-11-24 02:14 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-11-24 02:14 . 2010-11-24 02:14 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-22 . DD258FA1EC736895565E5ADCA8A822F4 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-08-22 . DD258FA1EC736895565E5ADCA8A822F4 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\DJ Dash\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\DJ Dash\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\DJ Dash\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-06-06 114688]
"$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2006-05-27 26112]
"TaskSwitchXP.exe"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"StartMenu7"="c:\program files\Start Menu 7\StartMenu7.exe" [2010-04-19 2919288]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2010-06-01 59904]
"YahooImapConnector"="c:\program files\Bravura\Yahoo IMAP Connector\YahooImap.exe" [2010-11-13 988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\DJ Dash\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-4-11 286720]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2010-5-27 294912]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-10-8 29310]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GPLog.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GPLog.lnk
backup=c:\windows\pss\GPLog.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GreenPrint TrayIcon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GreenPrint TrayIcon.lnk
backup=c:\windows\pss\GreenPrint TrayIcon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DJ Dash^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\documents and settings\DJ Dash\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DJ Dash^Start Menu^Programs^Startup^Shortcut to ted.lnk]
path=c:\documents and settings\DJ Dash\Start Menu\Programs\Startup\Shortcut to ted.lnk
backup=c:\windows\pss\Shortcut to ted.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DJ Dash^Start Menu^Programs^Startup^WePrint Server.lnk]
backup=c:\windows\pss\WePrint Server.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-04-06 23:03 64032 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 11:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICLA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-27 03:02 135664 ----atw- c:\documents and settings\DJ Dash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hazard Shield]
2010-10-26 09:24 42496 ----a-w- c:\program files\Hazard Shield\hzrTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-04-06 23:04 19523104 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
2010-07-09 23:08 2712920 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TVersityMediaServer"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"gearsec"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MSSQL$NR2007"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"rsyncd"=2 (0x2)
"Rsync"=2 (0x2)
"OracleServiceFTK2"=2 (0x2)
"OracleJobSchedulerFTK2"=2 (0x2)
"Oracleftk2TNSListener"=2 (0x2)
".1240528317SsTR"=2 (0x2)
"WRConsumerService"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gupdate1c9e48af8e87b18"=2 (0x2)
"XobniService"=2 (0x2)
"WinAutomation Service"=2 (0x2)
"Media Center 15 Service"=3 (0x3)
"US30Service"=2 (0x2)
"HazardShield"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"sshd"=2 (0x2)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"BootlogService"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"STSService"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"rpcapd"=3 (0x3)
"MacDriveService"=2 (0x2)
"GPClientService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"PeerBlock"=c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\DJ Dash\\My Documents\\sniffer\\iptools.exe"=
"c:\\Program Files\\NX Client for Windows\\nxclient.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\WePrint\\WePrint Server.exe"=
"c:\\Documents and Settings\\DJ Dash\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\silvermark\\smejunit\\bin\\smejunit.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Synkron\\Synkron.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\DEMO\\The Settlers 7 - Paths to a Kingdom DEMO\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bravura\\Yahoo IMAP Connector\\YahooImap.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Everything\\Everything.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"61782:TCP"= 61782:TCP:rdp
"22:TCP"= 22:TCP:ssh
"901:TCP"= 901:TCP:*:Disabled:swat
"1194:UDP"= 1194:UDP:openvpn
"9524:TCP"= 9524:TCP:*:Disabled:Lansweeper Port
"9524:UDP"= 9524:UDP:*:Disabled:Lansweeper Port
"9:UDP"= 9:UDP:Wake-On-LAN
"24800:TCP"= 24800:TCP:synergy
"137:TCP"= 137:TCP:SMB
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
"5643:TCP"= 5643:TCP:share
"53168:TCP"= 53168:TCP:*:Disabled:Mezzmo Media Server Service
"1900:TCP"= 1900:TCP:upnp
"2869:UDP"= 2869:UDP:upnp2
"30888:TCP"= 30888:TCP:*:Disabled:tvmobili
"47:TCP"= 47:TCP:VPN
"1723:TCP"= 1723:TCP:VPN2
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [7/2/2009 6:12 AM 40464]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [3/9/2009 4:56 PM 284416]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2/4/2009 12:22 PM 19456]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2/8/2011 4:49 AM 22312]
R1 Ndisprot;RawPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [1/17/2007 6:57 AM 22016]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/11/2010 2:54 AM 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/11/2010 2:53 AM 41936]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/24/2010 11:02 AM 20072]
R2 hzrDriver;Hazard Shield driver;c:\program files\Hazard Shield\hzrDriver.sys [10/26/2010 4:23 AM 10496]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [8/23/2010 7:07 AM 123939]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:00 AM 70704]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [6/23/2010 12:50 AM 28776]
R3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys [9/2/2010 2:18 AM 24192]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 2:34 PM 10064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 2:44 PM 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 2:44 PM 111504]
S0 ntcdrdrv;ntcdrdrv; [x]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [6/12/2010 10:32 PM 179144]
S2 DeltaCopyService;DeltaCopy Server; [x]
S2 ISWKL;ZoneAlarm ForceField ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm ForceField IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys --> c:\windows\system32\Drivers\LBeepKE.sys [?]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [6/23/2010 12:50 AM 10752]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 8:41 AM 1517376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/20/2010 8:42 AM 1691480]
S3 CEDRIVER55;CEDRIVER55;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver; [x]
S3 FRIdrv;FRIdrv;c:\windows\system32\drivers\FRIdrv.sys [7/30/2009 12:07 PM 3968]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1E5.tmp --> c:\windows\system32\1E5.tmp [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/25/2010 1:33 PM 18432]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/7/2010 8:55 AM 35816]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [12/6/2010 3:20 AM 30272]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/28/2009 2:18 AM 36928]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [10/17/2010 7:04 PM 20480]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [9/7/2010 9:29 AM 24416]
S3 sbuschk;sbuschk;\??\c:\windows\system32\sbuschk.sys --> c:\windows\system32\sbuschk.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [9/8/2009 10:52 PM 23096]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [11/13/2006 2:19 AM 23552]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\DJ Dash\Desktop\SysinternalsSuite\RealTemp_3.00\WinRing0.sys --> c:\documents and settings\DJ Dash\Desktop\SysinternalsSuite\RealTemp_3.00\WinRing0.sys [?]
S4 BootlogService;BootlogService;c:\program files\Greatis\RegRunSuite\BootLogService.exe [9/7/2010 9:13 AM 65304]
S4 gearsec;gearsec;c:\windows\system32\gearsec.exe [12/2/2003 8:49 AM 53248]
S4 GPClientService;GreenPrint Client Report Service;c:\program files\GreenPrint Technologies\GreenPrint World\GPClientService.exe [4/27/2009 7:50 PM 126976]
S4 gupdate1c9e48af8e87b18;Google Update Service (gupdate1c9e48af8e87b18);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 3:36 PM 133104]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [11/26/2008 10:23 AM 150528]
S4 Media Center 15 Service;Media Center 15 Service; [x]
S4 MSSQL$NR2007;SQL Server (NR2007); [x]
S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S4 Oracleftk2TNSListener;Oracleftk2TNSListener;c:\oracle\ftk2\BIN\TNSLSNR --> c:\oracle\ftk2\BIN\TNSLSNR [?]
S4 OracleJobSchedulerFTK2;OracleJobSchedulerFTK2;c:\oracle\ftk2\Bin\extjob.exe FTK2 --> c:\oracle\ftk2\Bin\extjob.exe FTK2 [?]
S4 OracleServiceFTK2;OracleServiceFTK2;c:\oracle\ftk2\bin\ORACLE.EXE FTK2 --> c:\oracle\ftk2\bin\ORACLE.EXE FTK2 [?]
S4 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [7/28/2010 1:32 PM 444928]
S4 Rsync;Rsync;c:\cygwin\bin\cygrunsrv.exe [6/11/2009 4:06 AM 68096]
S4 rsyncd;rsyncd;c:\cygwin\bin\cygrunsrv.exe [6/11/2009 4:06 AM 68096]
S4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [6/2/2010 1:51 PM 338464]
S4 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [6/11/2009 4:06 AM 68096]
S4 STSService;STSService; [x]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 3:47 AM 563760]
S4 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [7/9/2010 4:49 AM 147128]
S4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/7/2009 7:29 PM 55016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 11:58]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 20:36]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 20:36]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1645522239-725345543-1003Core.job
- c:\documents and settings\DJ Dash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 03:02]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1645522239-725345543-1003UA.job
- c:\documents and settings\DJ Dash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 03:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.xfxsupportb.co.uk/nvidia_system_tools.zip
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {88650482-3892-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
FF - ProfilePath - c:\documents and settings\DJ Dash\Application Data\Mozilla\Firefox\Profiles\gbp2jw9f.DJ Dash\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: CheckPlaces: checkplaces@andyhalford.com - %profile%\extensions\checkplaces@andyhalford.com
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: Organize Search Engines: organize-search-engines@maltekraus.de - %profile%\extensions\organize-search-engines@maltekraus.de
FF - Ext: Add-on Collector: sharing@addons.mozilla.org - %profile%\extensions\sharing@addons.mozilla.org
FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Ext: MozXP: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1} - %profile%\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - %profile%\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
FF - Ext: Vacuum Places Improved: VacuumPlacesImproved@lultimouomo-gmail.com - %profile%\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
FF - Ext: TooManyTabs: TooManyTabs@visibotech.com - %profile%\extensions\TooManyTabs@visibotech.com
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Extension List Dumper: extensionlistdumper@sogame.cat - %profile%\extensions\extensionlistdumper@sogame.cat
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - %profile%\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Greasefire: greasefire@skrul.com - %profile%\extensions\greasefire@skrul.com
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: StatusbarEx: doudehou@gmail.com - %profile%\extensions\doudehou@gmail.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Automatic Save Folder: asf@mangaheart.org - %profile%\extensions\asf@mangaheart.org
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: EmailOracle: {18aec871-6264-4b10-91cb-ee1fb68eda7c} - %profile%\extensions\{18aec871-6264-4b10-91cb-ee1fb68eda7c}
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: ui.submenuDelay - 65000
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.resizable - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 17:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1E5.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Oracleftk2TNSListener]
"ImagePath"="c:\oracle\ftk2\BIN\TNSLSNR "
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-06-01 17:33:27
ComboFix-quarantined-files.txt 2011-06-01 22:33
ComboFix2.txt 2011-04-25 18:39
.
Pre-Run: 448,206,188,544 bytes free
Post-Run: 448,188,452,864 bytes free
.
- - End Of File - - A93EAE2D87FAC148E4243C6332BD935F
Thanks!!!
#60
Posted 01 June 2011 - 06:01 PM
I see combofix was used previously. Please post the log named combofix2.txt. It can be found at C:\Qoobox
The Recovery Console wasn't installed. Did you click Yes when asked to install it?