Fooled by telephone trick - please help

This is a discussion on Fooled by telephone trick - please help within the Resolved HJT Threads forums, part of the Tech Support Forum category. I was fooled by someone calling me who pretended to be from Microsoft. Allowed him to remote control the PC,

Old 01-28-2011, 02:11 AM   #1
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



I was fooled by someone calling me who pretended to be from Microsoft.

Allowed him to remote control the PC, and he planted some trojan(s).

I did a System Restore to before the attack, ran virus checker, and spyware checker to clear what I could.

I would really appreciate someone checking to see if there is any further malware lurking before I resume using my computer.

Any help greatly appreciated.

Here is the DDS log, with Ark.txt and Attach.txt attached:



DDS (Ver_10-12-12.02) - NTFSx86
Run by Gis at 14:49:30.34 on 24/01/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.156 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\DOCUME~1\Gis\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gis\Local Settings\Temporary Internet Files\Content.IE5\RO7PG89M\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MISAggregator]
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B19147A0-C2FD-4B1F-BD20-3A3E1ABC4FC3} - hxxps://members.nurserycam.co.uk/WESPSDK229.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gis\applic~1\mozilla\firefox\profiles\rmh6aoqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-4-2 80640]
R1 MpKsl2ba1960c;MpKsl2ba1960c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2725805f-040b-4e25-bd13-f0c68004fdf3}\MpKsl2ba1960c.sys [2011-1-24 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-16 47640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2010-6-20 43392]
S3 CINI910U;CINI910U;\??\c:\docume~1\gis\locals~1\temp\cini910u.sys --> c:\docume~1\gis\locals~1\temp\CINI910U.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2010-6-20 17149]
S3 FUSBINTE;FUSBINTE;\??\c:\docume~1\gis\locals~1\temp\fusbinte.sys --> c:\docume~1\gis\locals~1\temp\FUSBINTE.SYS [?]
S3 KMODEM;KMODEM;\??\c:\docume~1\gis\locals~1\temp\kmodem.sys --> c:\docume~1\gis\locals~1\temp\KMODEM.SYS [?]
S3 LMODEM;LMODEM;\??\c:\docume~1\gis\locals~1\temp\lmodem.sys --> c:\docume~1\gis\locals~1\temp\LMODEM.SYS [?]
S3 MSWENUM;MSWENUM;\??\c:\docume~1\gis\locals~1\temp\mswenum.sys --> c:\docume~1\gis\locals~1\temp\MSWENUM.SYS [?]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-4-2 114464]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]
S3 QNWLNKNB;QNWLNKNB;\??\c:\docume~1\gis\locals~1\temp\qnwlnknb.sys --> c:\docume~1\gis\locals~1\temp\QNWLNKNB.SYS [?]
S3 TINTELPP;TINTELPP;\??\c:\docume~1\gis\locals~1\temp\tintelpp.sys --> c:\docume~1\gis\locals~1\temp\TINTELPP.SYS [?]
S3 UHIDCLAS;UHIDCLAS;\??\c:\docume~1\gis\locals~1\temp\uhidclas.sys --> c:\docume~1\gis\locals~1\temp\UHIDCLAS.SYS [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 xks;xks;\??\c:\docume~1\gis\locals~1\temp\xks.sys --> c:\docume~1\gis\locals~1\temp\xks.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2011-01-24 14:29:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-24 09:41:05 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2725805f-040b-4e25-bd13-f0c68004fdf3}\MpKsl2ba1960c.sys
2011-01-24 09:40:32 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2725805f-040b-4e25-bd13-f0c68004fdf3}\mpengine.dll
2011-01-21 17:21:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-21 17:21:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 18:03:38 -------- d-----w- c:\windows\LMI26.tmp
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

==================== Find3M ====================

2010-12-25 11:32:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 11:32:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2006-03-20 22:29:42 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-04-27 09:29:19 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe

============= FINISH: 14:52:28.82 ===============
Attached Files
File Type: zip ArkAttach.zip (4.8 KB, 39 views)
dfreer is offline  
Old 01-29-2011, 06:45 AM   #2
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

You may want to consider saving your documents, pictures and music files, then reformatting, as there is no way of really knowing for certain what may have been compromised on your machine. I can clean up what I see, but there are no guarantees that it will be 100% clean. It's up to you.


Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
CatByte is offline  
Old 01-29-2011, 09:36 AM   #3
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



Hi, thank you for your reply.

I tried combofix.exe, but it hangs the whole computer when it displays the "Disclaimer" screen; I have to switch the computer off at the switch.

Have tried it twice now, with the same result each time.

Microsoft Security Essentials is running, but there appears to be no way to temporarily disable this.

Anything else I can try?

Thanks.
dfreer is offline  
Old 01-29-2011, 10:46 AM   #4
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

Open the Microsoft Security Essentials Interface, click the settings tab > go to "Real Time Protection" > uncheck the "Turn on real time protection" box.

That will disable it while we run ComboFix

Delete the copy of ComboFix that you have on your desktop > download a fresh copy but rename it to iexplore before saving it to your desktop

give it another try

Try running it in Safe Mode if it won't run in normal mode.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account
CatByte is offline  
Old 01-30-2011, 07:14 AM   #5
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



Below is ComboFix.exe log. Please note it did require Safe Mode before it would run.

What to do next?

Thank you for your help.



ComboFix 11-01-29.02 - Administrator 30/01/2011 14:17:44.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.337 [GMT 0:00]
Running from: c:\documents and settings\Administrator.GISELLE.000\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gis\My Documents\reg.reg
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 11:00 . 2011-01-30 11:00 -------- d-----w- c:\documents and settings\Administrator.GISELLE.000
2011-01-30 09:34 . 2011-01-30 09:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl418985f7.sys
2011-01-29 17:23 . 2011-01-29 17:23 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl39f299f8.sys
2011-01-29 17:19 . 2011-01-29 17:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl9d072917.sys
2011-01-29 17:18 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\mpengine.dll
2011-01-24 17:50 . 2011-01-24 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-24 17:49 . 2011-01-24 17:50 -------- d-----w- c:\program files\SpywareBlaster
2011-01-24 14:29 . 2011-01-24 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-21 17:21 . 2011-01-21 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 18:03 . 2011-01-21 17:21 -------- d-----w- c:\windows\LMI26.tmp
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-10-18 08:40 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-25 11:32 . 2010-12-25 11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 11:32 . 2010-12-25 11:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 05:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2004-08-04 05:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 05:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 05:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 05:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2006-03-20 22:29 . 2006-03-20 22:25 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-04-27 09:29 . 2005-04-27 09:26 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-05 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2010-6-20 483412]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 18:09 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"vsmon"=2 (0x2)
"STI Simulator"=2 (0x2)
"ose"=3 (0x3)
"NetSvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"Crypkey License"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S1 MpKsl39f299f8;MpKsl39f299f8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl39f299f8.sys [29/01/2011 17:23 28752]
S1 MpKsl418985f7;MpKsl418985f7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl418985f7.sys [30/01/2011 09:34 28752]
S1 MpKsl9d072917;MpKsl9d072917;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl9d072917.sys [29/01/2011 17:19 28752]
S1 MpKslf74acac4;MpKslf74acac4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8DC1419-8DD6-4A19-A5D7-3EC5F7CBD4B5}\MpKslf74acac4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8DC1419-8DD6-4A19-A5D7-3EC5F7CBD4B5}\MpKslf74acac4.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:36 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [16/06/2007 11:13 12856]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\SYSTEM32\DRIVERS\Athfmwdl.sys [20/06/2010 09:55 43392]
S3 CINI910U;CINI910U;\??\c:\docume~1\Gis\LOCALS~1\Temp\CINI910U.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\CINI910U.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [20/06/2010 09:55 17149]
S3 FUSBINTE;FUSBINTE;\??\c:\docume~1\Gis\LOCALS~1\Temp\FUSBINTE.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\FUSBINTE.SYS [?]
S3 KMODEM;KMODEM;\??\c:\docume~1\Gis\LOCALS~1\Temp\KMODEM.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\KMODEM.SYS [?]
S3 LMODEM;LMODEM;\??\c:\docume~1\Gis\LOCALS~1\Temp\LMODEM.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\LMODEM.SYS [?]
S3 MSWENUM;MSWENUM;\??\c:\docume~1\Gis\LOCALS~1\Temp\MSWENUM.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\MSWENUM.SYS [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 QNWLNKNB;QNWLNKNB;\??\c:\docume~1\Gis\LOCALS~1\Temp\QNWLNKNB.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\QNWLNKNB.SYS [?]
S3 TINTELPP;TINTELPP;\??\c:\docume~1\Gis\LOCALS~1\Temp\TINTELPP.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\TINTELPP.SYS [?]
S3 UHIDCLAS;UHIDCLAS;\??\c:\docume~1\Gis\LOCALS~1\Temp\UHIDCLAS.SYS --> c:\docume~1\Gis\LOCALS~1\Temp\UHIDCLAS.SYS [?]
S3 xks;xks;\??\c:\docume~1\Gis\LOCALS~1\Temp\xks.sys --> c:\docume~1\Gis\LOCALS~1\Temp\xks.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:36]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:36]
2005-01-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
2011-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {B19147A0-C2FD-4B1F-BD20-3A3E1ABC4FC3} - hxxps://members.nurserycam.co.uk/WESPSDK229.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MISAggregator - (no file)
AddRemove-McAfee Personal Firewall Plus - c:\progra~1\mcafee.com\shared\mcappins.exe
AddRemove-McAfee SpamKiller - c:\progra~1\mcafee.com\shared\mcappins.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-30 14:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-01-30 14:26:38
ComboFix-quarantined-files.txt 2011-01-30 14:26
Pre-Run: 86,313,041,920 bytes free
Post-Run: 86,916,063,232 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 553542D65B4F8FC27DF3BE2FFE1E6210
dfreer is offline  
Old 01-30-2011, 07:38 AM   #6
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

Collect::
c:\docume~1\Gis\LOCALS~1\Temp\CINI910U.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\xks.sys 
c:\docume~1\Gis\LOCALS~1\Temp\UHIDCLAS.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\FUSBINTE.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\LMODEM.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\KMODEM.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\MSWENUM.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\QNWLNKNB.SYS 
c:\docume~1\Gis\LOCALS~1\Temp\TINTELPP.SYS 

Driver::
CINI910U 
FUSBINTE
KMODEM
LMODEM
MSWENUM
QNWLNKNB
TINTELPP
UHIDCLAS
xks

DirLook::
c:\documents and settings\Administrator.GISELLE.000
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
CatByte is offline  
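The CFScript above asks ComboFix to collect nine driver files from the user's Temp folder and to remove the matching services; the log ComboFix writes afterwards records each removal as a `-------\Service_NAME` (and sometimes `-------\Legacy_NAME`) line under its "Drivers/Services" banner. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the `Collect::` / `Driver::` / `DirLook::` sections of a CFScript and the "Drivers/Services" block of the resulting log, then reports which requested drivers the log confirms as removed and which it does not mention. The two sample texts are constructed from the entries posted in this thread; the function names are this example's own.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example (not from the forum thread and not ComboFix's own code). It reads
the directive sections of a CFScript and the "Drivers/Services" deletion block
of a ComboFix log, then lists which Driver:: entries were actually removed.
The sample texts below are constructed from the entries shown in this thread.
"""
import re

# Constructed sample: the CFScript requested in the thread (Collect:: shortened).
SAMPLE_CFSCRIPT = """\
Collect::
c:\\docume~1\\Gis\\LOCALS~1\\Temp\\CINI910U.SYS
c:\\docume~1\\Gis\\LOCALS~1\\Temp\\xks.sys

Driver::
CINI910U
FUSBINTE
KMODEM
LMODEM
MSWENUM
QNWLNKNB
TINTELPP
UHIDCLAS
xks

DirLook::
c:\\documents and settings\\Administrator.GISELLE.000
"""

# Constructed sample: the Drivers/Services block of the resulting ComboFix log.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\\Legacy_FUSBINTE
-------\\Legacy_LMODEM
-------\\Service_CINI910U
-------\\Service_FUSBINTE
-------\\Service_KMODEM
-------\\Service_LMODEM
-------\\Service_MSWENUM
-------\\Service_QNWLNKNB
-------\\Service_TINTELPP
-------\\Service_UHIDCLAS
-------\\Service_xks

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
"""

# A CFScript section header is a bare word followed by two colons, e.g. "Driver::".
SECTION_RE = re.compile(r"^(\w+)::\s*$")
# A deletion line in the log looks like "-------\Service_NAME" or "-------\Legacy_NAME".
DELETION_RE = re.compile(r"^-+\\(Service|Legacy)_(.+?)\s*$")


def parse_cfscript(text):
    """Return {section_name: [entries]} for a CFScript; blank lines are ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log_text):
    """Return {'Service': set(names), 'Legacy': set(names)} from the Drivers/Services block."""
    found = {"Service": set(), "Legacy": set()}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if "Drivers/Services" in line:
            in_block = True          # banner that opens the block
            continue
        if in_block and line.startswith("(((("):
            break                    # the next banner closes the block
        if in_block:
            m = DELETION_RE.match(line)
            if m:
                found[m.group(1)].add(m.group(2))
    return found


def check_drivers(cfscript_text, log_text):
    """Return (removed, missing): Driver:: entries confirmed as Service_ deletions vs. not seen."""
    requested = parse_cfscript(cfscript_text).get("Driver", [])
    # Windows service names are case-insensitive, so compare in lower case.
    deleted = {name.lower() for name in parse_deletions(log_text)["Service"]}
    removed = [d for d in requested if d.lower() in deleted]
    missing = [d for d in requested if d.lower() not in deleted]
    return removed, missing


if __name__ == "__main__":
    removed, missing = check_drivers(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print("confirmed removed:", ", ".join(removed))
    print("not mentioned in log:", ", ".join(missing) or "none")
```

Run against the two samples, every one of the nine `Driver::` names appears as a `Service_` deletion, so the "not mentioned" list is empty; a name that stays in that list after a real run is the one to look for again in the next log.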
Old 01-30-2011, 11:32 AM   #7
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



Thank you for your continued help.
Here are the ComboFix and MBAM logs; ESET found no threats and produced no log.
What next?

ComboFix 11-01-29.02 - Administrator 30/01/2011 16:35:48.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.269 [GMT 0:00]
Running from: c:\documents and settings\Administrator.GISELLE.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.GISELLE.000\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FUSBINTE
-------\Legacy_LMODEM
-------\Legacy_MSWENUM
-------\Legacy_QNWLNKNB
-------\Legacy_TINTELPP
-------\Legacy_UHIDCLAS
-------\Service_CINI910U
-------\Service_FUSBINTE
-------\Service_KMODEM
-------\Service_LMODEM
-------\Service_MSWENUM
-------\Service_QNWLNKNB
-------\Service_TINTELPP
-------\Service_UHIDCLAS
-------\Service_xks

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 15:17 . 2011-01-30 15:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{453A4A34-8CC5-43ED-B605-77656B269B5D}\MpKslb9cf40e3.sys
2011-01-30 15:16 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{453A4A34-8CC5-43ED-B605-77656B269B5D}\mpengine.dll
2011-01-30 11:00 . 2011-01-30 11:00 -------- d-----w- c:\documents and settings\Administrator.GISELLE.000
2011-01-24 17:50 . 2011-01-24 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-24 17:49 . 2011-01-24 17:50 -------- d-----w- c:\program files\SpywareBlaster
2011-01-24 14:29 . 2011-01-24 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-21 17:21 . 2011-01-21 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 18:03 . 2011-01-21 17:21 -------- d-----w- c:\windows\LMI26.tmp
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-04 17:25 . 2011-01-04 17:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-10-18 08:40 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-25 11:32 . 2010-12-25 11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 11:32 . 2010-12-25 11:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 05:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2004-08-04 05:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 05:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 05:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 05:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2006-03-20 22:29 . 2006-03-20 22:25 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-04-27 09:29 . 2005-04-27 09:26 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator.GISELLE.000 ----
2011-01-30 14:29 . 2011-01-30 14:29 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\77U04KW6\desktop.ini
2011-01-30 14:29 . 2011-01-30 14:29 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\4TJN2AEF\desktop.ini
2011-01-30 14:29 . 2011-01-30 14:29 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\LM0BUFJY\desktop.ini
2011-01-30 14:29 . 2011-01-30 14:29 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\2PSP5KJ2\desktop.ini
2011-01-30 14:29 . 2011-01-30 14:29 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
2011-01-30 14:29 . 2011-01-30 16:32 32768 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2011-01-30 14:25 . 2011-01-30 14:25 263232 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
2011-01-30 14:25 . 2011-01-30 14:25 120 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
2011-01-30 14:25 . 2011-01-30 14:25 329275 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
2011-01-30 14:25 . 2011-01-30 14:25 124 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
2011-01-30 14:25 . 2011-01-30 14:25 597 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211
2011-01-30 14:25 . 2011-01-30 14:25 142 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211
2011-01-30 14:25 . 2011-01-30 14:25 781 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
2011-01-30 14:25 . 2011-01-30 14:25 156 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
2011-01-30 14:25 . 2011-01-30 14:25 528 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A
2011-01-30 14:25 . 2011-01-30 14:25 140 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A
2011-01-30 11:38 . 2011-01-30 11:38 90 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Cookies\[email protected][1].txt
2011-01-30 11:38 . 2011-01-30 11:38 405 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2011-01-30 11:38 . 2011-01-30 11:38 115 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Cookies\[email protected][1].txt
2011-01-30 11:38 . 2011-01-30 11:38 350 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Cookies\[email protected][2].txt
2011-01-30 11:37 . 2011-01-30 11:37 16384 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
2011-01-30 11:37 . 2011-01-30 11:37 32768 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\History\History.IE5\MSHist012011013020110131\index.dat
2011-01-30 11:37 . 2011-01-30 11:37 24 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Protect\S-1-5-21-2431194297-4214129421-1274070505-500\Preferred
2011-01-30 11:37 . 2011-01-30 11:37 388 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Protect\S-1-5-21-2431194297-4214129421-1274070505-500\83ff1894-1dc0-4cc0-9b4d-48392d75665e
2011-01-30 11:37 . 2011-01-30 11:37 78924 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
2011-01-30 11:36 . 2011-01-30 11:36 552 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2011-01-30 11:36 . 2011-01-30 11:36 132 --s-a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2011-01-30 11:27 . 2011-01-30 10:30 4262410 ----a-r- c:\documents and settings\Administrator.GISELLE.000\Desktop\ComboFix.exe
2011-01-30 11:02 . 2011-01-30 11:02 145 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\History\desktop.ini
2011-01-30 11:02 . 2011-01-30 11:02 145 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\History\History.IE5\desktop.ini
2011-01-30 11:02 . 2011-01-30 11:02 67 --sh--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Temporary Internet Files\desktop.ini
2011-01-30 11:00 . 2004-08-10 12:57 62 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:11 21768 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config
2011-01-30 11:00 . 2005-04-06 21:06 39488 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch
2011-01-30 11:00 . 2004-08-10 13:03 141 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK
2011-01-30 11:00 . 2004-08-10 13:08 10381 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT
2011-01-30 11:00 . 2005-01-05 03:11 2128 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Desktop.htt
2011-01-30 11:00 . 2005-01-05 03:26 612 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk
2011-01-30 11:00 . 2004-08-10 13:08 119 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
2011-01-30 11:00 . 2010-06-10 15:57 683 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
2011-01-30 11:00 . 2005-01-05 03:26 742 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
2011-01-30 11:00 . 2004-08-10 13:08 79 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
2011-01-30 11:00 . 2005-01-05 03:20 24 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Protect\CREDHIST
2011-01-30 11:00 . 2005-01-05 03:20 388 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Protect\S-1-5-21-2431194297-4214129421-1274070505-1003\3d8fd8aa-aca3-4a71-bb95-15d83d83cd46
2011-01-30 11:00 . 2005-01-05 03:20 24 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Microsoft\Protect\S-1-5-21-2431194297-4214129421-1274070505-1003\Preferred
2011-01-30 11:00 . 2005-01-05 03:28 31 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Sonic\Update Manager\sumdb.dat
2011-01-30 11:00 . 2005-01-05 03:19 473 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Application Data\Sun\Java\Deployment\deployment.properties
2011-01-30 11:00 . 2011-01-30 16:32 32768 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Cookies\INDEX.DAT
2011-01-30 11:00 . 2005-01-05 03:05 85 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Dell\Dell.url
2011-01-30 11:00 . 2005-01-05 03:05 63 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Dell\Support.Dell.com.url
2011-01-30 11:00 . 2004-08-10 13:08 119 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\Customize Links.url
2011-01-30 11:00 . 2004-08-10 13:08 122 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Desktop.ini
2011-01-30 11:00 . 2004-08-10 13:08 113 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\Free Hotmail.url
2011-01-30 11:00 . 2005-01-05 03:26 114 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\RealPlayer.url
2011-01-30 11:00 . 2004-08-10 13:08 169 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\Windows Marketplace.url
2011-01-30 11:00 . 2004-08-10 13:08 118 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\Windows Media.url
2011-01-30 11:00 . 2004-08-10 13:08 113 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Links\Windows.url
2011-01-30 11:00 . 2005-01-05 03:26 130 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Media\Real.com Radio Tuner.url
2011-01-30 11:00 . 2004-08-10 13:08 119 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\MSN.com.url
2011-01-30 11:00 . 2004-08-10 13:08 197 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\Radio Station Guide.url
2011-01-30 11:00 . 2005-01-05 03:26 114 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Favorites\RealPlayer Home Page.url
2011-01-30 11:00 . 2004-08-10 13:12 2872 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
2011-01-30 11:00 . 2004-08-10 13:11 1337 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
2011-01-30 11:00 . 2011-01-30 14:32 1930896 ---ha-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\IconCache.db
2011-01-30 11:00 . 2005-01-05 03:24 851968 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
2011-01-30 11:00 . 2011-01-30 14:32 262144 ---h--w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
2011-01-30 11:00 . 2011-01-30 16:31 8192 ---ha-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
2011-01-30 11:00 . 2004-08-10 13:03 498 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
2011-01-30 11:00 . 2005-01-05 03:26 12784 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
2011-01-30 11:00 . 2002-06-19 18:24 847872 ----a-r- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Works\Portfolio\Sample.wsb
2011-01-30 11:00 . 2005-01-05 03:20 53 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
2011-01-30 11:00 . 2005-01-05 03:19 3584 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST
2011-01-30 11:00 . 2005-01-05 03:19 9946112 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
2011-01-30 11:00 . 2011-01-30 16:31 62 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\DESKTOP.INI
2011-01-30 11:00 . 2011-01-30 16:32 32768 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Local Settings\History\History.IE5\INDEX.DAT
2011-01-30 11:00 . 2005-01-05 03:20 191 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Music\My Playlists\DMX_TempList (2).wpl
2011-01-30 11:00 . 2004-08-10 13:08 76 --sha-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:08 181 --sha-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Music\Desktop.ini
2011-01-30 11:00 . 2005-01-05 03:20 191 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Music\My Playlists\DMX_TempList.wpl
2011-01-30 11:00 . 2004-08-10 13:08 542 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Music\Sample Music.lnk
2011-01-30 11:00 . 2004-08-10 13:08 183 --sha-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Pictures\Desktop.ini
2011-01-30 11:00 . 2004-08-10 13:08 572 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Pictures\Sample Pictures.lnk
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript
2011-01-30 11:00 . 2005-01-05 03:20 182 --sha-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Videos\Desktop.ini
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript
2011-01-30 11:00 . 2005-01-05 03:24 1002 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript
2011-01-30 11:00 . 2003-08-22 06:46 69459972 ----a-w- c:\documents and settings\Administrator.GISELLE.000\My Documents\My Videos\Experience.mpg
2011-01-30 11:00 . 2004-08-10 13:03 0 ----a-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2011-01-30 11:00 . 2004-08-10 13:08 150 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Recent\Desktop.ini
2011-01-30 11:00 . 2004-08-10 13:03 0 ----a-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\Desktop (create shortcut).DeskLink
2011-01-30 11:00 . 2004-08-10 13:03 181 --sha-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:03 0 ----a-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\Mail Recipient.MAPIMail
2011-01-30 11:00 . 2004-08-10 13:04 348 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Accessibility\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:08 0 ----a-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\My Documents.mydocs
2011-01-30 11:00 . 2004-09-07 07:01 0 ----a-w- c:\documents and settings\Administrator.GISELLE.000\SendTo\RecordNow!.RecordNowSendToExt
2011-01-30 11:00 . 2004-08-10 13:04 1429 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
2011-01-30 11:00 . 2004-08-10 12:57 62 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:04 1436 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1443 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1405 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2011-01-30 11:00 . 2004-08-10 13:08 678 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Address Book.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1459 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Command Prompt.lnk
2011-01-30 11:00 . 2004-08-10 13:08 542 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:04 1423 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Notepad.lnk
2011-01-30 11:00 . 2004-08-10 13:04 386 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
2011-01-30 11:00 . 2004-08-10 13:08 708 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1423 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Synchronize.lnk
2011-01-30 11:00 . 2004-08-10 13:04 84 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Entertainment\DESKTOP.INI
2011-01-30 11:00 . 2004-08-10 13:02 1391 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Windows Explorer.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1431 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Accessories\Tour Windows XP.lnk
2011-01-30 11:00 . 2004-08-10 13:08 234 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\DESKTOP.INI
2011-01-30 11:00 . 2010-06-10 15:57 671 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Internet Explorer.lnk
2011-01-30 11:00 . 2004-08-04 05:00 4570 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\AMIPRO.SAM
2011-01-30 11:00 . 2004-08-10 13:08 642 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Outlook Express.lnk
2011-01-30 11:00 . 2004-08-10 13:04 1503 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Remote Assistance.lnk
2011-01-30 11:00 . 2004-08-10 13:04 84 --sha-w- c:\documents and settings\Administrator.GISELLE.000\Start Menu\Programs\Startup\DESKTOP.INI
2011-01-30 11:00 . 2004-08-04 05:00 5632 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\EXCEL.XLS
2011-01-30 11:00 . 2004-08-04 05:00 1518 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\EXCEL4.XLS
2011-01-30 11:00 . 2004-08-04 05:00 2448 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\LOTUS.WK4
2011-01-30 11:00 . 2004-08-04 05:00 12288 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\POWERPNT.PPT
2011-01-30 11:00 . 2004-08-04 05:00 461 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\PRESENTA.SHW
2011-01-30 11:00 . 2004-08-04 05:00 4017 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\QUATTRO.WB2
2011-01-30 11:00 . 2004-08-04 05:00 58 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\SNDREC.WAV
2011-01-30 11:00 . 2004-08-04 05:00 4608 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\WINWORD.DOC
2011-01-30 11:00 . 2004-08-04 05:00 1769 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\WINWORD2.DOC
2011-01-30 11:00 . 2004-08-04 05:00 30 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\WORDPFCT.WPD
2011-01-30 11:00 . 2004-08-04 05:00 57 ----a-w- c:\documents and settings\Administrator.GISELLE.000\Templates\WORDPFCT.WPG
2011-01-30 11:00 . 2011-01-30 14:32 178 --sh--w- c:\documents and settings\Administrator.GISELLE.000\NTUSER.INI
2011-01-30 11:00 . 2011-01-30 16:33 286720 ---ha-w- c:\documents and settings\Administrator.GISELLE.000\ntuser.dat.LOG
2011-01-30 11:00 . 2011-01-30 14:32 786432 ---ha-w- c:\documents and settings\Administrator.GISELLE.000\NTUSER.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-05 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2010-6-20 483412]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 18:09 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"vsmon"=2 (0x2)
"STI Simulator"=2 (0x2)
"ose"=3 (0x3)
"NetSvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"Crypkey License"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 MpKslb9cf40e3;MpKslb9cf40e3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{453A4A34-8CC5-43ED-B605-77656B269B5D}\MpKslb9cf40e3.sys [30/01/2011 15:17 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [16/06/2007 11:13 12856]
S1 MpKsl39f299f8;MpKsl39f299f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl39f299f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl39f299f8.sys [?]
S1 MpKsl418985f7;MpKsl418985f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl418985f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl418985f7.sys [?]
S1 MpKsl9d072917;MpKsl9d072917;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl9d072917.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{174BB034-15C7-4765-BE9E-22304EA91EAC}\MpKsl9d072917.sys [?]
S1 MpKslf74acac4;MpKslf74acac4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8DC1419-8DD6-4A19-A5D7-3EC5F7CBD4B5}\MpKslf74acac4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8DC1419-8DD6-4A19-A5D7-3EC5F7CBD4B5}\MpKslf74acac4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:36 135664]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\SYSTEM32\DRIVERS\Athfmwdl.sys [20/06/2010 09:55 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [20/06/2010 09:55 17149]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:36]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:36]
2005-01-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
2011-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {B19147A0-C2FD-4B1F-BD20-3A3E1ABC4FC3} - hxxps://members.nurserycam.co.uk/WESPSDK229.cab
FF - ProfilePath - c:\documents and settings\Gis\Application Data\Mozilla\Firefox\Profiles\rmh6aoqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-30 16:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-01-30 16:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-30 16:55
ComboFix2.txt 2011-01-30 14:26
Pre-Run: 86,928,691,200 bytes free
Post-Run: 86,305,140,736 bytes free
- - End Of File - - 0BBCEA4D272F96E8266815E8253EB67C

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5640
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
30/01/2011 17:42:55
mbam-log-2011-01-30 (17-42-55).txt
Scan type: Quick scan
Objects scanned: 195560
Time elapsed: 5 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
dfreer is offline  
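The ComboFix and DDS output above lists the machine's persistence points (Run values, services and drivers, winlogon notify DLLs) in two line shapes. The script below is an added example for triaging such logs; it is not part of this thread and not code from the DDS or ComboFix authors. It parses both shapes and flags the three things worth checking by hand after someone has had remote control of a PC: remote-access software (the logs show LogMeIn as a Run value, two kernel drivers and a winlogon notify entry; that proves nothing on its own, but the owner should confirm they installed it), programs launched from user-writable paths, and orphaned entries whose file is no longer on disk. The sample lines are constructed to match the shapes in the logs; the "Updater" entry is synthetic and does not appear in the posted logs. The keyword list, the user-writable prefixes and the flag texts are assumptions of the example.

```python
"""Triage persistence entries from DDS / ComboFix logs.

Added example: not part of the forum thread, nor of the DDS or ComboFix
tools.  It reads the two line shapes those logs use for autostart values
and services, deduplicates entries listed by both tools, and flags
remote-access software, binaries in user-writable paths and orphaned
entries whose file is missing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# ComboFix "Reg Loading Points":  "name"="path" [yyyy-mm-dd size]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s*\[[^\]]*\])?$')
# DDS pseudo-HJT report:  uRun: [name] "path" args   (u/m/d = HKCU / HKLM / .DEFAULT)
DDS_RUN = re.compile(r'^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$')
# Services and drivers (both tools):  R1 name;display;path [date size]
SVC = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# First executable-looking token of a command line, quoted or not
EXE_IN_CMD = re.compile(r'^"?(?P<p>.+?\.(?:exe|scr|dll|sys|cpl|com|bat|cmd|vbs|js|pif))(?:"|\s|$)', re.I)

# Heuristic signals: assumptions made for this example, not a vendor list.
REMOTE_ACCESS = re.compile(r"\b(logmein|lmi\w*|teamviewer|ammyy|\w*vnc\w*|anydesk)")
USER_WRITABLE = (
    "c:\\documents and settings\\", "c:\\users\\", "c:\\programdata\\",
    "\\application data\\", "\\local settings\\", "\\temp\\",
)
FLAG_REMOTE = "remote-access software: confirm the owner installed it"
FLAG_WRITABLE = "runs from a user-writable location: verify the file"
FLAG_ORPHAN = "orphaned entry: file missing on disk"

# Constructed sample, shaped like the ComboFix and DDS lines in this thread.
# "Updater" is a synthetic suspicious entry that is NOT in the posted logs;
# the MpKsl driver is a legitimate MSE definition driver that will trip the
# path check (deliberately kept to show the false positive).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Updater"="c:\documents and settings\Owner\Application Data\svchost.exe" [2011-01-20 40960]
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
R1 MpKsl70fd0d9b;MpKsl70fd0d9b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{guid}\MpKsl70fd0d9b.sys [2011-1-31 28752]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-16 47640]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
'''


@dataclass
class Entry:
    kind: str            # "run" (autostart value) or "service"
    name: str
    path: str
    raw: str
    flags: list[str] = field(default_factory=list)


def _exe_from_cmd(cmd: str) -> str:
    m = EXE_IN_CMD.match(cmd.strip())
    return m["p"] if m else cmd.strip().strip('"')


def _svc_path(rest: str) -> str:
    rest = rest.strip()
    if "-->" in rest:                 # "expected --> resolved [?]": file was not found
        rest = rest.split("-->", 1)[0]
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip()


def parse_entries(log_text: str) -> list[Entry]:
    """One Entry per autostart value or service; key headers and noise are skipped."""
    seen: dict[tuple[str, str], Entry] = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := CF_RUN.match(line):
            e = Entry("run", m["name"], m["path"], line)
        elif m := DDS_RUN.match(line):
            e = Entry("run", m["name"], _exe_from_cmd(m["cmd"]), line)
        elif m := SVC.match(line):
            e = Entry("service", m["name"], _svc_path(m["rest"]), line)
        else:
            continue
        seen.setdefault((e.kind, e.name.lower()), e)   # listed by both tools: keep first
    return list(seen.values())


def triage(log_text: str) -> list[Entry]:
    """Return only the entries that carry at least one flag."""
    flagged = []
    for e in parse_entries(log_text):
        hay = f"{e.name} {e.path}".lower()
        if REMOTE_ACCESS.search(hay):
            e.flags.append(FLAG_REMOTE)
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            e.flags.append(FLAG_WRITABLE)
        if e.raw.endswith("[?]") or e.raw.endswith("[x]"):
            e.flags.append(FLAG_ORPHAN)
        if e.flags:
            flagged.append(e)
    return flagged


def report(entries: list[Entry]) -> str:
    return "\n".join(
        f"{e.kind:7} {e.name:18} {e.path or '(no path)'}\n    - " + "\n    - ".join(e.flags)
        for e in entries
    )


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The output is a worklist, not a verdict: the MpKsl driver is flagged only because Microsoft Security Essentials keeps its definition drivers under All Users\Application Data, and LogMeIn is flagged because it is remote-access software, not because it is malware. The check that matters is the one the script cannot do, asking the owner whether each flagged item was installed on purpose.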
Old 01-30-2011, 01:53 PM   #8
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please do the following:


Go to Start > Control Panel > Add/Remove programs

a list of installed programs will populate.

scroll down and locate the following program > select REMOVE


Java 2 Runtime Environment, SE v1.4.2_03



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Download and run Puran Disk Defragmenter


NEXT


Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues
CatByte is offline  
Old 01-31-2011, 04:28 AM   #9
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



Thank you for your continued help.

JRE has been uninstalled, and Adobe Reader upgraded, and Puran defrag run.

No unusual behaviour observed.

What next?

Here are DDS logs:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Chris at 12:18:36.78 on 31/01/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.95 [GMT 0:00]
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uWindow Title = Microsoft Internet Explorer provided by Wanadoo
uSearch Bar = hxxp://www.wanadoo.co.uk/iesearch/default.htm
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {B19147A0-C2FD-4B1F-BD20-3A3E1ABC4FC3} - hxxps://members.nurserycam.co.uk/WESPSDK229.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-4-2 80640]
R1 MpKsl70fd0d9b;MpKsl70fd0d9b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc2fab19-078c-4d04-ba03-aa5e2d2b5c12}\MpKsl70fd0d9b.sys [2011-1-31 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-16 47640]
S1 MpKsl39f299f8;MpKsl39f299f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\mpksl39f299f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\MpKsl39f299f8.sys [?]
S1 MpKsl418985f7;MpKsl418985f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\mpksl418985f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\MpKsl418985f7.sys [?]
S1 MpKsl9d072917;MpKsl9d072917;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\mpksl9d072917.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{174bb034-15c7-4765-be9e-22304ea91eac}\MpKsl9d072917.sys [?]
S1 MpKslf74acac4;MpKslf74acac4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8dc1419-8dd6-4a19-a5d7-3ec5f7cbd4b5}\mpkslf74acac4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8dc1419-8dd6-4a19-a5d7-3ec5f7cbd4b5}\MpKslf74acac4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2010-6-20 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2010-6-20 17149]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-4-2 114464]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-1-31 229376]
=============== Created Last 30 ================
2011-01-31 11:14:29 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-01-31 11:14:29 221184 ----a-w- c:\windows\system32\PuranDC.exe
2011-01-31 11:14:29 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-01-31 11:14:29 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-01-31 11:14:28 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2011-01-31 11:14:27 -------- d-----w- c:\program files\Puran Defrag
2011-01-31 1110 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{dc2fab19-078c-4d04-ba03-aa5e2d2b5c12}\MpKsl70fd0d9b.sys
2011-01-31 10:27:14 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{dc2fab19-078c-4d04-ba03-aa5e2d2b5c12}\mpengine.dll
2011-01-30 17:36:42 -------- d-----w- c:\docume~1\chris\applic~1\Malwarebytes
2011-01-30 17:36:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 17:36:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-30 17:36:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 17:36:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 14:13:56 -------- d-sha-r- C:\cmdcons
2011-01-30 11:29:04 98816 ----a-w- c:\windows\sed.exe
2011-01-30 11:29:04 89088 ----a-w- c:\windows\MBR.exe
2011-01-30 11:29:04 256512 ----a-w- c:\windows\PEV.exe
2011-01-30 11:29:04 161792 ----a-w- c:\windows\SWREG.exe
2011-01-24 17:49:57 -------- d-----w- c:\program files\SpywareBlaster
2011-01-24 14:29:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-21 17:21:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-21 17:21:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 18:03:38 -------- d-----w- c:\windows\LMI26.tmp
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-01-04 17:25:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
==================== Find3M ====================
2010-12-25 11:32:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 11:32:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2006-03-20 22:29:42 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-04-27 09:29:19 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
============= FINISH: 12:19:41.84 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/01/2005 20:02:54
System Uptime: 31/01/2011 11:05:33 (1 hours ago)
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 145 GiB total, 80.67 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_CINI910U_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_CINI910U_XX
Service: CINI910U
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_FUSBINTE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_FUSBINTE_XX
Service: FUSBINTE
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_KMODEM_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_KMODEM_XX
Service: KMODEM
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_LMODEM_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_LMODEM_XX
Service: LMODEM
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MSWENUM_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MSWENUM_XX
Service: MSWENUM
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_QNWLNKNB_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_QNWLNKNB_XX
Service: QNWLNKNB
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_TINTELPP_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_TINTELPP_XX
Service: TINTELPP
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_UHIDCLAS_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_UHIDCLAS_XX
Service: UHIDCLAS
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_XKS_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_XKS_XX
Service: xks
==== System Restore Points ===================
RP1738: 31/01/2011 10:26:31 - System Checkpoint
RP1739: 31/01/2011 10:27:08 - Software Distribution Service 3.0
RP1740: 31/01/2011 10:49:28 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1741: 31/01/2011 11:02:33 - Removed Adobe Reader 9.1.
RP1742: 31/01/2011 11:03:11 - Installed Adobe Reader X.
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Boots F2CD Picture Suite
Camera RAW Plug-In for EPSON Creativity Suite
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
Dell Media Experience
Dell System Restore
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus Photo RX585_RX610 Manual
EPSON Web-To-Page
getPlus(R) for Adobe
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-06-26
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java(TM) 6 Update 23
Learn2 Player (Uninstall Only)
Lizardtech DjVu Control
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Works 7.0
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.6)
NETGEAR WG111T Smart Wizard Wireless Utility
Panda ActiveScan
Picasa 3
PowerDVD 5.3
Puran Defrag Free Edition 7.1
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
SpeedTouch USB Software
Spybot - Search & Destroy 1.4
SpywareBlaster 4.4
SUPERAntiSpyware
UK-Info 2003
UK-Info 2004
UK-Info Disk 2001 Pro
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Viewpoint Media Player
Wanadoo Search Toolbar
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows XP Service Pack 3
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger with BT Communicator
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
31/01/2011 10:25:49, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000098' while processing the file 'Microsoft .. l 2003.lnk' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_UHIDCLAS\0000 disappeared from the system without first being prepared for removal.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_TINTELPP\0000 disappeared from the system without first being prepared for removal.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_QNWLNKNB\0000 disappeared from the system without first being prepared for removal.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_MSWENUM\0000 disappeared from the system without first being prepared for removal.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_LMODEM\0000 disappeared from the system without first being prepared for removal.
30/01/2011 16:44:05, error: PlugPlayManager [11] - The device Root\LEGACY_FUSBINTE\0000 disappeared from the system without first being prepared for removal.
30/01/2011 11:37:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter NetworkX SASDIFSV SASKUTIL
30/01/2011 11:23:55, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
30/01/2011 11:02:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
30/01/2011 11:02:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/01/2011 11:01:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MPFIREWL MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
30/01/2011 11:01:57, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
30/01/2011 11:01:57, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
30/01/2011 11:01:57, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
30/01/2011 11:01:57, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
30/01/2011 10:31:41, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/01/2011 10:31:41, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
29/01/2011 17:07:27, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
==== End Of File ===========================
dfreer is offline  
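One thing worth pulling out of the Event Viewer section of the log above before moving on: it records a "LogMeIn" service and a "LogMeIn Maintenance Service" on this machine. The thread does not say who installed them, and that is the point: after a caller has had remote control of a PC, the first thing to check is which remote-access products are present, and the service-crash events in a DDS log are a quick way to enumerate them. The script below is an added example, not part of the thread or of the DDS tool. The sample lines are copied verbatim from the log above; the watchlist of remote-access product names is this example's own assumption and should be extended for your environment.

```python
"""Triage the 'Event Viewer Messages' section of a DDS log after a
remote-control scam: list the services that crashed or failed to start,
flag any that belong to remote-access tooling, and spot crash bursts.

Added example, not part of the forum thread or of the DDS tool.
"""
import re
from collections import defaultdict

# Copied from the DDS log posted earlier in this thread (a subset of the lines).
SAMPLE_EVENTS = """\
30/01/2011 11:37:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter NetworkX SASDIFSV SASKUTIL
30/01/2011 10:31:41, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
30/01/2011 10:31:41, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/01/2011 10:31:41, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
29/01/2011 17:07:27, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
"""

# Assumption (this example's own list): product names that deserve a look
# after a "Microsoft called me" incident. Matched case-insensitively.
REMOTE_ACCESS_WATCHLIST = ("logmein", "teamviewer", "ammyy", "vnc",
                           "gotoassist", "anydesk", "supremo")

# DDS prints one event per line: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
# Service Control Manager 7031/7034: "The <name> service terminated unexpectedly."
TERMINATED_RE = re.compile(r"^The (?P<svc>.+) service terminated unexpectedly")
# DCOM 10005: '... attempting to start the service <name> with arguments ...'
DCOM_RE = re.compile(r"attempting to start the service (?P<svc>.+?) with arguments")


def parse_events(text):
    """Return one dict per well-formed event line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events


def service_names(events):
    """Map service name -> list of event ids in which it crashed or failed to start."""
    seen = defaultdict(list)
    for ev in events:
        m = TERMINATED_RE.match(ev["msg"]) or DCOM_RE.search(ev["msg"])
        if m:
            seen[m.group("svc")].append(ev["id"])
    return dict(seen)


def find_remote_access_services(events):
    """Sorted list of service names that match the remote-access watchlist."""
    return sorted(name for name in service_names(events)
                  if any(tag in name.lower() for tag in REMOTE_ACCESS_WATCHLIST))


def crash_bursts(events):
    """Timestamps at which two or more services 'terminated unexpectedly' in
    the same second. Such a burst is usually logged at the next boot after a
    crash or hard power-off, not a sign of targeted tampering."""
    per_ts = defaultdict(int)
    for ev in events:
        if TERMINATED_RE.match(ev["msg"]):
            per_ts[ev["ts"]] += 1
    return {ts: n for ts, n in per_ts.items() if n >= 2}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("services seen:", sorted(service_names(evs)))
    print("remote-access services:", find_remote_access_services(evs))
    print("crash bursts:", crash_bursts(evs))
```

Paste the whole "Event Viewer Messages From Past Week" section into SAMPLE_EVENTS (or read it from a file) and the same regexes apply, since DDS writes one event per line. A hit on the watchlist is a lead, not a verdict: confirm in Add/Remove Programs and the service list whether the product was installed by the owner, and if it was not, remove it and treat any credentials used on the machine during the call as exposed.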
Old 01-31-2011, 03:50 PM   #10
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

The logs appear to be clean.

Just some housekeeping to do now.

Please do the following:

You can delete the DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.




Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change the passwords for all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    Microsoft Windows Update
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it. Thank you.
CatByte is offline  
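The "Make Internet Explorer more secure" steps in the post above change three values in the Internet zone's registry key, so the change can be verified (and re-applied) without clicking through Inetcpl.cpl. The script below is an added example, not part of the forum post or of any Microsoft tool. The key path (Zones\3 is the Internet zone), the value names 1001, 1004 and 1201, and the meanings 0 = Enable, 1 = Prompt, 3 = Disable are Microsoft's documented Internet Explorer zone settings; the "acceptable" table is this example's reading of the post's advice, treating Disable as at least as strict as Prompt for the two download settings. The evaluate() function is pure so it runs anywhere; the two registry functions need Windows.

```python
"""Audit (and optionally set) the three Internet-zone ActiveX settings
recommended in the post above, reading the registry directly.

Added example, not part of the forum post. Key path and value meanings are
Microsoft's documented IE zone settings; the policy table is an assumption
based on the post's advice.
"""
try:
    import winreg  # standard library, Windows only
except ImportError:  # lets the policy logic run (and be tested) elsewhere
    winreg = None

# Per-user key; 3 is the Internet zone.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# value name -> (label, set of acceptable settings). Assumption: Prompt or
# Disable both satisfy the two download items; 1201 must be Disable.
POLICY = {
    "1001": ("Download signed ActiveX controls", {PROMPT, DISABLE}),
    "1004": ("Download unsigned ActiveX controls", {PROMPT, DISABLE}),
    "1201": ("Initialize and script ActiveX controls not marked as safe", {DISABLE}),
}

# Exactly what the post asks for.
RECOMMENDED = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}


def evaluate(settings):
    """settings: {value_name: int or None}. Returns a list of
    (value_name, label, current_as_text, verdict) with verdict
    'ok', 'weak' (Enable) or 'unknown' (value absent)."""
    report = []
    for name, (label, allowed) in POLICY.items():
        current = settings.get(name)
        if current in allowed:
            verdict = "ok"
        elif current is None:
            verdict = "unknown"
        else:
            verdict = "weak"
        report.append((name, label, NAMES.get(current, "missing"), verdict))
    return report


def read_internet_zone():
    """Read the three values for the current user (Windows only)."""
    settings = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in POLICY:
            try:
                settings[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                settings[name] = None  # absent: IE falls back to the zone template
    return settings


def harden_internet_zone():
    """Apply the post's settings for the current user (Windows only)."""
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY, 0,
                        winreg.KEY_SET_VALUE) as key:
        for name, value in RECOMMENDED.items():
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, value)


if __name__ == "__main__":
    if winreg is None:
        # Constructed sample: a loosened Internet zone, all three at Enable.
        current = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE}
    else:
        current = read_internet_zone()
    for row in evaluate(current):
        print("%s  %-62s %-8s %s" % row)
```

These values live under HKEY_CURRENT_USER, so they are per user: a second account on the same PC needs its own check, and a run of harden_internet_zone() only fixes the account it is run from. Close Internet Explorer before writing, then re-run the audit to confirm the values stuck.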
Old 02-02-2011, 09:42 AM   #11
Registered Member
 
Join Date: Jan 2011
Posts: 6
OS: Windows 7



Sincere thanks to you for all your help and good advice.
dfreer is offline  
Old 02-05-2011, 06:06 PM   #12
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



You are welcome.

Stay safe.

~CB
CatByte is offline  
 
