Tech Support Forum banner
Status
Not open for further replies.
1 - 20 of 28 Posts

·
Registered
Joined
·
14 Posts
Discussion Starter · #1 ·
Thanks in advance for any help you can provide. For several months now my computer has been very slow to load up (10 minutes) before I can access any programs. Accessing the Internet is also very slow, even at 1.5 MBPS. Have made several attempts to find viruses/malware using Eset and Malwarebytes. All show a clean computer.

Here's the dds info:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:12:28.83 on Sat 04/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.324 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MSM\MindShiftMixer\MindShiftMixer_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: &Google Notebook: {ccccccd3-666f-4f81-8b69-745de9f6d897} - c:\program files\google\google notebook\gnotes1.0.2.19--851897833.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19--851897833.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19--851897833.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Gbridge] "c:\program files\gbridge llc\gbridge\pstartw.exe" "c:\program files\gbridge llc\gbridge\Gbridge.exe" -autostart
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Tracker] c:\program files\gratitude journal\Sticky.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRunOnce: [FFTI] c:\documents and settings\owner\application data\mozilla\firefox\profiles\14mmfdw0.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\owner\application data\mozilla\firefox\profiles/14mmfdw0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\mindsh~1.lnk - c:\program files\msm\mindshiftmixer\MindShiftMixer_Service.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Post To &WP : Nursing-Home-Tips.com - javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://nursing-home-tips.com/blog/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Snipe It with BidNip - http://www.bidnip.com/members/reg_snipe.php
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intellimail2020.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.102 HP00163547461D
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\14mmfdw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\1.2.584.15114\npCIDetect5.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org Site Builder Login
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
============= SERVICES / DRIVERS ===============
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004-9-17 54912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-6-24 95896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c3c137b7cb40;Google Update Service (gupdate1c9c3c137b7cb40);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S2 VVAgent;EVault InfoStage Agent; [x]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-6-13 16512]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-18 29744]
.
=============== Created Last 30 ================
.
2011-04-10 01:44:09 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-06 14:29:01 835415 ----a-w- c:\windows\XSitePro2.5 Resource Pack Uninstaller.exe
2011-03-26 09:13:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-26 09:13:16 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-03-26 09:13:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-26 09:13:16 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-26 09:13:16 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-26 09:13:16 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-26 09:13:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-26 09:13:16 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-26 09:13:16 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-26 00:44:46 912344 ----a-w- c:\program files\mozilla firefox\nsv14a.tmp\firefox.exe
2011-03-26 00:44:46 245208 ----a-w- c:\program files\mozilla firefox\nsv14a.tmp\updater.exe
2011-03-18 01:44:03 -------- d-----w- c:\program files\DVD or CD Sharing
2011-03-17 01:42:26 -------- d-----w- c:\program files\Market Samurai
.
==================== Find3M ====================
.
2011-04-06 19:56:53 1748894 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: FUJITSU_MHT2060AT rev.0022 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF7657000]<< >>UNKNOWN [0xF7647000]<< >>UNKNOWN [0xF75A8000]<< >>UNKNOWN [0x806EF000]<< >>UNKNOWN [0xF74A2000]<< >>UNKNOWN [0xF7A4F000]<< >>UNKNOWN [0xF7707000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A0B1AB8]
\Driver\Disk[0x8A0763D8] -> IRP_MJ_CREATE -> 0xF765DBB0
3 [0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000078[0x8A0B2F18]
\Driver\ACPI[0x8A107030] -> IRP_MJ_CREATE -> 0xF75AECB8
5 [0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A073940]
\Driver\atapi[0x8A0B7560] -> IRP_MJ_CREATE -> 0xF74AC6F2
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF74A9864
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:15:13.65 ===============
 

Attachments

·
Premium Member
Joined
·
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

I need to see a gmer log in order to help you. Please attach it to your next reply.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #5 ·
As promised, chemist. Here's the gmer log. I'm really impressed with the time people like you give so freely to help those of us less savvy root out bad stuff on our computers. You're a valuable and welcome resource.

Martin
 

Attachments

·
Premium Member
Joined
·
29,790 Posts
Hello Martin.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click Advanced mode if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
  • If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
  • In the File menu click Exit to exit Spybot Search & Destroy.
------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to Allow or Deny any changes, please Allow them all.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #7 ·
Chemist- In process of saving the personal files as instructed. I've noticed the computer is noticeably slower since starting this process. Desktop and My Docs have lot of files I want to keep so it may be late tonight before you'll get the ComboFix report.
 

·
Premium Member
Joined
·
29,790 Posts
Hello again, Martin. Let's see if ComboFix produced a log.

Go to Start > Run and copy/paste the following into the Run box and click OK:

notepad C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #10 ·
Hi, Chemist. ComboFix log below.

----

ComboFix 11-04-14.01 - Owner 04/15/2011 2:39.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.689 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\0.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\1.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\2.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\3.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\4.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\5.mdd
c:\docume~1\Owner\LOCALS~1\Temp\wrd80074.~lk\6.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\0.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\1.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\2.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\3.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\4.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\5.mdd
c:\documents and settings\Owner\Local Settings\temp\wrd80074.~lk\6.mdd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-14 11:30 . 2011-04-14 11:31 19849216 ---ha-w- c:\documents and settings\Owner\ntuser.tmp
2011-04-10 01:44 . 2011-04-10 01:44 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-06 14:29 . 2011-04-06 14:29 835415 ----a-w- c:\windows\XSitePro2.5 Resource Pack Uninstaller.exe
2011-03-26 09:13 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-26 09:13 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-26 09:13 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-26 09:13 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-26 09:13 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-26 09:13 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-26 09:13 . 2011-03-18 17:53 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-03-26 09:13 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-26 09:13 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-26 00:44 . 2011-03-24 01:41 245208 ----a-w- c:\program files\Mozilla Firefox\nsv14A.tmp\updater.exe
2011-03-26 00:44 . 2011-03-24 01:41 912344 ----a-w- c:\program files\Mozilla Firefox\nsv14A.tmp\firefox.exe
2011-03-18 01:44 . 2011-03-18 01:44 -------- d-----w- c:\program files\DVD or CD Sharing
2011-03-17 01:42 . 2011-03-17 01:42 -------- d-----w- c:\program files\Market Samurai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:56 . 2008-05-21 04:08 1748894 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2011-02-09 13:53 . 2004-09-17 16:28 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-09-17 16:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-09-17 16:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-09-17 16:51 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-09-17 16:29 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:53 . 2011-03-26 09:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-09-05 03:13 . 2007-07-19 02:29 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 19:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 19:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-26 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-11 242688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2003-12-11 167936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Mind Shift Mixer service.lnk - c:\program files\MSM\MindShiftMixer\MindShiftMixer_Service.exe [2009-12-14 4711947]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-08-16 17:03 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Mozy Status.lnk]
backup=c:\windows\pss\Mozy Status.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
2003-12-11 01:08 167936 ----a-w- c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-05 03:13 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2004-08-04 23:19 81920 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-08-16 17:04 385024 ------w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 23:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-03-20 23:34 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2004-08-11 00:47 61440 ----a-w- c:\program files\Fujitsu\BtnHnd\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-03 22:24 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-15 11:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RegSrvc"=2 (0x2)
"odserv"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DVD or CD Sharing\\ODSAgent.exe"=
"c:\\Program Files\\DVD or CD Sharing\\RemoteInstallMacOSX.exe"=
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [9/17/2004 4:32 PM 54912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/24/2010 9:27 AM 95896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 7:06 AM 169312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate1c9c3c137b7cb40;Google Update Service (gupdate1c9c3c137b7cb40);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 10:11 PM 133104]
S2 VVAgent;EVault InfoStage Agent; [x]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 3:20 AM 3872]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6/13/2007 1:03 PM 16512]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 12:46 PM 41216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/18/2007 9:29 PM 29744]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:11]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:11]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445516815-3428477051-2696213475-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 00:41]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445516815-3428477051-2696213475-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 00:41]
.
2011-04-15 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-02-10 12:29]
.
2011-04-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-02-10 12:29]
.
2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{F14C7780-62E2-4947-BC60-97BF53E5C961}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Post To &WP : Nursing-Home-Tips.com - javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://nursing-home-tips.com/blog/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Snipe It with BidNip - http://www.bidnip.com/members/reg_snipe.php
Trusted Zone: intellimail2020.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\14mmfdw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org Site Builder Login
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-15 02:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\dce73325c50b43822620b32408bb3b50\update\update.exe
.
**************************************************************************
.
Completion time: 2011-04-15 03:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 08:10
ComboFix2.txt 2011-04-15 06:18
ComboFix3.txt 2011-04-13 14:26
.
Pre-Run: 11,859,365,888 bytes free
Post-Run: 11,796,025,344 bytes free
.
- - End Of File - - 5ED8599A925C0D1648CF52D507A5C17A
 

·
Premium Member
Joined
·
29,790 Posts
Hello again, Martin. It appears you ran ComboFix several times. I only asked you to run it once.

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\ComboFix3.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #12 ·
Sorry about the multiple runs. I let combofix run just before I went to bed at night and didn't realize it would reboot my system. I got confused and thought I'd flubbed the process. So I ran it again...and again. I apologize for the extra work is had caused for you.

Here's ComboFix3.txt

=-=-=-

ComboFix 11-04-12.02 - Owner 04/13/2011 8:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.532 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\af2006.exe
c:\af2006.exe\af2006.exe
c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384170.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841A0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841D0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@B14208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@B14238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@B14268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384238.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384170.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841A0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841D0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384170.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841A0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841D0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384170.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841A0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3841D0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384208.###
c:\documents and settings\Owner\Application Data\.#\[email protected][email protected]###
c:\documents and settings\Owner\Application Data\.#\[email protected]@384268.###
c:\documents and settings\Owner\Application Data\EurekaLog
c:\documents and settings\Owner\Application Data\ubot
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_bg_popup.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_window_sliver.gif
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\Owner\WINDOWS\system\New Briefcase\Briefcase Database
c:\documents and settings\Owner\WINDOWS\system\New Briefcase\desktop.ini
C:\My Favourite Icon.exe
c:\my favourite icon.exe\My Favourite Icon.exe
C:\pushbutton2006.exe
c:\pushbutton2006.exe\pushbutton2006.exe
C:\Website Extractor.exe
c:\website extractor.exe\Website Extractor.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\acrsec.fon
c:\windows\ST6UNST.000
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\gotomon.log
c:\windows\system32\regobj.dll
c:\windows\wc98pp.dll
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
.
2011-04-10 01:44 . 2011-04-10 01:44 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-06 14:29 . 2011-04-06 14:29 835415 ----a-w- c:\windows\XSitePro2.5 Resource Pack Uninstaller.exe
2011-03-26 09:13 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-26 09:13 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-26 09:13 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-26 09:13 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-26 09:13 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-26 09:13 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-26 09:13 . 2011-03-18 17:53 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-03-26 09:13 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-26 09:13 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-26 00:44 . 2011-03-24 01:41 245208 ----a-w- c:\program files\Mozilla Firefox\nsv14A.tmp\updater.exe
2011-03-26 00:44 . 2011-03-24 01:41 912344 ----a-w- c:\program files\Mozilla Firefox\nsv14A.tmp\firefox.exe
2011-03-18 01:44 . 2011-03-18 01:44 -------- d-----w- c:\program files\DVD or CD Sharing
2011-03-17 01:42 . 2011-03-17 01:42 -------- d-----w- c:\program files\Market Samurai
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:56 . 2008-05-21 04:08 1748894 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2011-02-09 13:53 . 2004-09-17 16:28 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-09-17 16:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-09-17 16:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-09-17 16:51 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-09-17 16:29 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:53 . 2011-03-26 09:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-09-05 03:13 . 2007-07-19 02:29 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 19:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 19:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-26 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-11 242688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2003-12-11 167936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Mind Shift Mixer service.lnk - c:\program files\MSM\MindShiftMixer\MindShiftMixer_Service.exe [2009-12-14 4711947]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-08-16 17:03 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Mozy Status.lnk]
backup=c:\windows\pss\Mozy Status.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
2003-12-11 01:08 167936 ----a-w- c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-05 03:13 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2004-08-04 23:19 81920 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-08-16 17:04 385024 ------w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 23:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-03-20 23:34 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2004-08-11 00:47 61440 ----a-w- c:\program files\Fujitsu\BtnHnd\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-03 22:24 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-15 11:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RegSrvc"=2 (0x2)
"odserv"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DVD or CD Sharing\\ODSAgent.exe"=
"c:\\Program Files\\DVD or CD Sharing\\RemoteInstallMacOSX.exe"=
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [9/17/2004 4:32 PM 54912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/24/2010 9:27 AM 95896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 7:06 AM 169312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate1c9c3c137b7cb40;Google Update Service (gupdate1c9c3c137b7cb40);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 10:11 PM 133104]
S2 VVAgent;EVault InfoStage Agent; [x]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 3:20 AM 3872]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6/13/2007 1:03 PM 16512]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 12:46 PM 41216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/18/2007 9:29 PM 29744]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:11]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:11]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445516815-3428477051-2696213475-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 00:41]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445516815-3428477051-2696213475-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 00:41]
.
2011-04-13 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-02-10 12:29]
.
2011-04-13 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-02-10 12:29]
.
2011-04-13 c:\windows\Tasks\User_Feed_Synchronization-{F14C7780-62E2-4947-BC60-97BF53E5C961}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Post To &WP : Nursing-Home-Tips.com - javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://nursing-home-tips.com/blog/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Snipe It with BidNip - http://www.bidnip.com/members/reg_snipe.php
Trusted Zone: intellimail2020.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\14mmfdw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org Site Builder Login
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Gbridge - c:\program files\Gbridge LLC\Gbridge\pstartw.exe
HKCU-Run-Tracker - c:\program files\Gratitude Journal\Sticky.exe
MSConfigStartUp-Iomatic_RegFirewall - c:\program files\Registry Medic 2008\RegFirewall.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-PDF-XChange 3_is1 - c:\program files\Mindjet\MindManager 9\PDF-XChange\unins000.exe
AddRemove-SmartFTP Client 4.0 Setup Files - c:\program files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-13 09:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-04-13 09:26:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-13 14:26
.
Pre-Run: 7,831,719,936 bytes free
Post-Run: 11,655,733,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1CE9CAFE3D3367B6C3EA502F1CEA32FB
 

·
Premium Member
Joined
·
29,790 Posts
Hello again, Martin. Please tell us how your system is behaving.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7


These are all outdated, and security risks by having them installed still. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 6 Update 11, by going to Control Panel (Classic View) and double-clicking on the Java icon (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #14 ·
Report on System Behavior
The computer takes 8-10 minutes to load programs from a cold start or reboot. Frequently lose connection online and have to reestablish my internet link. Processing is sluggish.

=-=-

Here are the logs. Note that when running Eset Online I did not see the option to check for unsafe and unwanted files. The log shows # remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true

I plan to rerun Eset Online to see if it presents checking unsafe files.

ESET Online Scan Log


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e8a692bdc2ff704e94686a02fb9a435a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 07:30:13
# local_time=2011-04-19 02:30:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61602489 61602489 0 0
# compatibility_mode=8199 39157157 100 100 0 24870896 0 0
# scanned=419217
# found=3
# cleaned=0
# scan_time=16152
# nod_component=V3 Build:0x30000000
C:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\Martin\Backup\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I

Malware Bytes



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6374

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/16/2011 10:37:56 AM
mbam-log-2011-04-16 (10-37-56).txt

Scan type: Quick scan
Objects scanned: 160418
Time elapsed: 12 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

·
Premium Member
Joined
·
29,790 Posts
Note that when running Eset Online I did not see the option to check for unsafe and unwanted files.
Are you sure you clicked on Advanced Settings?

Please run dds again and post the first log, DDS.txt, in your next reply.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #17 ·
ESET Log

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e8a692bdc2ff704e94686a02fb9a435a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 07:30:13
# local_time=2011-04-19 02:30:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61602489 61602489 0 0
# compatibility_mode=8199 39157157 100 100 0 24870896 0 0
# scanned=419217
# found=3
# cleaned=0
# scan_time=16152
# nod_component=V3 Build:0x30000000
C:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\Martin\Backup\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e8a692bdc2ff704e94686a02fb9a435a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-20 05:20:20
# local_time=2011-04-20 12:20:20 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61681395 61681395 0 0
# compatibility_mode=8199 39157157 100 100 0 24949802 0 0
# scanned=419605
# found=3
# cleaned=0
# scan_time=15843
# nod_component=V3 Build:0x30000000
C:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\Martin\Backup\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I
G:\WINDOWS\dbplugin.ocx probably a variant of Win32/Adware.Agent.MCARLOM application (unable to clean) 00000000000000000000000000000000 I


DDS.Txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 6:35:22.92 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.732 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MSM\MindShiftMixer\MindShiftMixer_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: &Google Notebook: {ccccccd3-666f-4f81-8b69-745de9f6d897} - c:\program files\google\google notebook\gnotes1.0.2.19--851897833.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19--851897833.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\mindsh~1.lnk - c:\program files\msm\mindshiftmixer\MindShiftMixer_Service.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Post To &WP : Nursing-Home-Tips.com - javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://nursing-home-tips.com/blog/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Snipe It with BidNip - http://www.bidnip.com/members/reg_snipe.php
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_24.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intellimail2020.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\14mmfdw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\1.2.584.15114\npCIDetect5.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org Site Builder Login
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
============= SERVICES / DRIVERS ===============
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004-9-17 54912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-6-24 95896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c3c137b7cb40;Google Update Service (gupdate1c9c3c137b7cb40);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S2 VVAgent;EVault InfoStage Agent; [x]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-6-13 16512]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-18 29744]
.
=============== Created Last 30 ================
.
2011-04-16 16:26:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-16 16:26:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-16 15:20:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 15:20:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 12:03:20 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-04-13 13:12:26 -------- d-sha-r- C:\cmdcons
2011-04-13 13:05:25 98816 ----a-w- c:\windows\sed.exe
2011-04-13 13:05:25 89088 ----a-w- c:\windows\MBR.exe
2011-04-13 13:05:25 256512 ----a-w- c:\windows\PEV.exe
2011-04-13 13:05:25 161792 ----a-w- c:\windows\SWREG.exe
2011-04-10 01:44:09 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-06 14:29:01 835415 ----a-w- c:\windows\XSitePro2.5 Resource Pack Uninstaller.exe
2011-03-26 09:13:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-26 09:13:16 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-03-26 09:13:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-26 09:13:16 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-26 09:13:16 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-26 09:13:16 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-26 09:13:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-26 09:13:16 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-26 09:13:16 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-26 00:44:46 912344 ----a-w- c:\program files\mozilla firefox\nsv14a.tmp\firefox.exe
2011-03-26 00:44:46 245208 ----a-w- c:\program files\mozilla firefox\nsv14a.tmp\updater.exe
.
==================== Find3M ====================
.
2011-04-06 19:56:53 1748894 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 6:37:12.64 ===============

Once again, Chemist, thank you for your unselfish dedication of time to help me.

Martin
 

·
Premium Member
Joined
·
29,790 Posts
Hello again, Martin. You're welcome.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\WINDOWS\dbplugin.ocx"
"G:\Martin\Backup\WINDOWS\dbplugin.ocx"
"G:\WINDOWS\dbplugin.ocx"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:


Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Not sure about the slowness issue.

Please read the following article: http://www.techsupportforum.com/security-center/hijackthis-log-help/247567-your-pc-running-slow.html

If you still cannot resolve it, you can seek help in our Windows XP Support Forum

------------------------------------------------------
 
1 - 20 of 28 Posts
Status
Not open for further replies.
Top