
Inactive Malware and redirect bugs

Discussion in 'Malware and Virus Removal Archive' started by willskinjam, 2010/06/06.

  1. 2010/06/06
    willskinjam Inactive Thread Starter

    [Inactive] Malware and redirect bugs

    Hi,

    My PC was infected by "Protection Center" last week. I ran Spybot, which seemed to remove the bug for 24 hours, but it came back. I then ran Malwarebytes, which has removed the "Protection Center" issue, but now I have a Google redirect bug and my browser seems to be running very poorly.

    DDS logs are below. Appreciate any help. Will.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 16:07:32.78 on Sun 06/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.163 [GMT -4:00]

    AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\providerComcast\bin\tgsrvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.boston.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://us9.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearch Bar = hxxp://www.google.com/ie
    uWindow Title = Microsoft Internet Explorer presented by Comcast
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE "
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe "
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
    IE: &Search - ?p=ZJman000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: hotmail.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.air-worldwide.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128952349046
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37350.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: Modonres - {314FE6AF-E6B1-46F5-9EBC-BD3CF69EB724} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0107xnds.default user\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.boston.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "backups.number_of_prefs_copies ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.link.open_newwindow.ui ", 3); // prefs UI version
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.closed ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.document ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.frames ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.history ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.length ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.opener ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.parent ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.self ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.top ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.default.Window.window ", "allAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.disable_window_open_feature.status ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "advanced.always_load_images ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.protocol-handler.external.help ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.connect.timeout ", 30); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.request.timeout ", 120); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN_show_punycode ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.image.imageBehavior ", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.cookie.cookieBehavior ", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.cookie.p3plevel ", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.enablePad ", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.id ", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384} ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.version ",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.extensions.version ", "1.0 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.build_id ",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.update.autoUpdateEnabled ", true); // Whether or not background app updates
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.update.url ", "chrome://mozapps/locale/update/update.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.update.updatesAvailable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.update.lastUpdateDate ", 0); // UTC offset when last App update was
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "app.update.performed ", false); // Whether or not an update has been
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.autoUpdateEnabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.autoUpdate ", false); // Automatically download and install
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.interval ", 604800000); // Check for updates to Extensions and
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.lastUpdateDate ", 0); // UTC offset when last Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.severity.threshold ", 5);// The number of pending Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.update.count ", 0); // The number of extension/theme/etc
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "update.interval ", 3600000); // Check each of the above intervals
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "update.showSlidingNotification ", true); // Windows-only slide-up taskbar
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "update.severity ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "general.useragent.vendor ", "Firefox ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "general.useragent.vendorSub ",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.update.resetHomepage ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.startup.homepage_override.1 ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.turbo.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.default ", "chrome://browser/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.custom ", "chrome://browser/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "update_notifications.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "update_notifications.provider.0.frequency ", 7); // number of days
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.xul.error_pages.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "pfs.datasource.url ", "chrome://mozapps/locale/plugins/plugins.properties ");

    ============= SERVICES / DRIVERS ===============

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-10-5 368256]
    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe [2008-5-2 148768]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-3 136176]
    S2 mrtRate;mrtRate; [x]

    =============== Created Last 30 ================

    2010-06-06 13:10:15 0 dc-h--w- c:\windows\ie8
    2010-06-03 10:48:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-03 10:48:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-03 10:48:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-03 01:06:41 0 d-----w- c:\program files\msn gaming zone
    2010-06-02 04:59:51 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-01 20:16:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 21:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-22 21:46:43 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-04-16 12:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 16:09:57.37 ===============


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 16:07:32.78 on Sun 06/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.163 [GMT -4:00]

    AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\providerComcast\bin\tgsrvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.boston.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://us9.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearch Bar = hxxp://www.google.com/ie
    uWindow Title = Microsoft Internet Explorer presented by Comcast
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE "
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe "
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
    IE: &Search - ?p=ZJman000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: hotmail.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.air-worldwide.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128952349046
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37350.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: Modonres - {314FE6AF-E6B1-46F5-9EBC-BD3CF69EB724} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0107xnds.default user\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.boston.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5); // The number of pending Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

    ============= SERVICES / DRIVERS ===============

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-10-5 368256]
    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe [2008-5-2 148768]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-3 136176]
    S2 mrtRate;mrtRate; [x]

    =============== Created Last 30 ================

    2010-06-06 13:10:15 0 dc-h--w- c:\windows\ie8
    2010-06-03 10:48:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-03 10:48:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-03 10:48:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-03 01:06:41 0 d-----w- c:\program files\msn gaming zone
    2010-06-02 04:59:51 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-01 20:16:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 21:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-22 21:46:43 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-04-16 12:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 16:09:57.37 ===============
     
    Last edited: 2010/06/06
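    A triage pass over the DDS.txt above, as an added example written for this page: it is not part of the original post and not a component of DDS or of any tool used in the thread. It recognises the line shapes DDS prints (DPF entries, the SSODL entry, R/S service lines, "Created Last 30" entries) and lists the items an analyst would read first: DPF entries that still point at Java 1.4 or 5.0 installer cabs (both families had left public support before June 2010), an SSODL CLSID with "No File" behind it, services whose binary DDS could not find, and newly created directories with machine-looking names. The sample input is a subset of the log lines above plus two constructed "Created Last 30" lines for directories the ComboFix log later in the thread shows being created. Two things are assumptions rather than documented facts: that DDS's trailing "[x]" means the service binary was not found and "[?]" that it could not be resolved, and the vowel-ratio rule for "random-looking" names, which is a reading aid and will also match some legitimate folders.

```python
"""Triage pass over a DDS log.  Added example written for this page; it is
not part of the forum post above and not a component of DDS."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes as DDS prints them.  DDS writes "hxxp" for http so URLs in a
# posted log are not clickable; the source string is kept verbatim.
DPF_RE = re.compile(r"^DPF:\s+(?P<name>.+?)\s+-\s+(?P<src>.+)$")
SSODL_RE = re.compile(r"^SSODL:\s+(?P<name>.+?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
# "jinstall-14_02" is the Java 1.4 family, "jinstall-1_5_0_08" the 1.5 family.
JAVA_RE = re.compile(r"jinstall-1_?(?P<minor>\d)")
VOWELS = set("aeiou")

# Constructed input: a subset of the DDS.txt lines posted above, plus two
# "Created Last 30" lines built in the same format for directories that the
# ComboFix log later in the thread shows being created.
SAMPLE_LOG = r"""
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: Modonres - {314FE6AF-E6B1-46F5-9EBC-BD3CF69EB724} - No File
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-10-5 368256]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-3 136176]
S2 mrtRate;mrtRate; [x]
2010-06-03 10:48:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 18:43:00 0 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\nrysubavc
2010-05-30 11:21:00 0 d-----w- c:\documents and settings\Owner\Local Settings\Application Data\bmwfnotts
"""


@dataclass
class Finding:
    kind: str     # short category tag
    subject: str  # the item the finding is about
    detail: str   # why it was flagged


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a rule): a bare lowercase name of eight
    or more letters with fewer than one vowel in four reads as
    machine-generated.  Some legitimate names will pass; the aim is only to
    order what the analyst reads first."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(ch in VOWELS for ch in name) / len(name) < 0.25


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DPF_RE.match(line):
            # Java 1.4 and 5.0 had both left public support before this log's
            # date (June 2010); an installer cab for them in DPF is stale
            # plug-in code the browser can still be pointed at.
            j = JAVA_RE.search(m["src"])
            if j and int(j["minor"]) < 6:
                findings.append(Finding("dpf-old-java", m["name"],
                                        f"Java 1.{j['minor']} installer: {m['src']}"))
        elif m := SSODL_RE.match(line):
            # ShellServiceObjectDelayLoad: CLSIDs loaded when the shell starts.
            if m["path"].lower() == "no file":
                findings.append(Finding("ssodl-no-file", m["name"],
                                        f"{m['clsid']} loads with the shell but has no file on disk"))
        elif m := SVC_RE.match(line):
            # Assumption about DDS's markers: "[x]" ends a service line whose
            # binary was not found, "[?]" one whose path DDS could not resolve.
            if m["rest"].endswith("[x]"):
                findings.append(Finding("svc-missing-binary", m["name"],
                                        "registered service whose binary was not found"))
            elif m["rest"].endswith("[?]"):
                findings.append(Finding("svc-unresolved", m["name"],
                                        "binary path not resolved by DDS; check it on disk"))
        elif m := CREATED_RE.match(line):
            leaf = m["path"].rsplit("\\", 1)[-1]
            if m["attrs"].startswith("d") and looks_random(leaf):
                findings.append(Finding("dir-random-name", m["path"],
                                        f"directory created {m['date']} with a machine-looking name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

    Run against the sample it reports the two Java installer CLSIDs, the Modonres SSODL entry, vsmon and mrtRate, and the two odd-named directories; the flash cab, the Malwarebytes folder and the ZoneAlarm driver line pass without comment.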
  2. 2010/06/06
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    You also need to post Attach.txt
     


  4. 2010/06/06
    willskinjam

    willskinjam Inactive Thread Starter

    Joined:
    2010/06/06
    Messages:
    5
    Likes Received:
    0
    Attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/23/2005 1:39:25 AM
    System Uptime: 6/6/2010 9:28:32 AM (7 hours ago)

    Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 143 GiB total, 34.607 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.951 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva

    ==== System Restore Points ===================

    RP1065: 3/9/2010 12:42:13 PM - System Checkpoint
    RP1066: 3/10/2010 7:39:54 PM - Software Distribution Service 3.0
    RP1067: 3/12/2010 8:33:20 AM - System Checkpoint
    RP1068: 3/13/2010 9:54:50 AM - System Checkpoint
    RP1069: 3/14/2010 11:15:34 AM - System Checkpoint
    RP1070: 3/16/2010 5:34:50 AM - System Checkpoint
    RP1071: 3/17/2010 9:53:33 AM - System Checkpoint
    RP1072: 3/18/2010 11:55:57 AM - System Checkpoint
    RP1073: 3/19/2010 4:42:29 PM - System Checkpoint
    RP1074: 3/20/2010 6:52:02 PM - System Checkpoint
    RP1075: 3/22/2010 4:35:07 PM - System Checkpoint
    RP1076: 3/24/2010 1:49:42 PM - System Checkpoint
    RP1077: 3/26/2010 8:39:59 AM - System Checkpoint
    RP1078: 3/27/2010 10:42:11 PM - System Checkpoint
    RP1079: 3/29/2010 8:52:44 AM - System Checkpoint
    RP1080: 3/30/2010 12:07:25 PM - System Checkpoint
    RP1081: 3/31/2010 3:00:31 AM - Software Distribution Service 3.0
    RP1082: 4/1/2010 10:07:48 AM - System Checkpoint
    RP1083: 4/2/2010 3:48:29 PM - System Checkpoint
    RP1084: 4/4/2010 9:19:26 PM - System Checkpoint
    RP1085: 4/6/2010 9:55:14 AM - System Checkpoint
    RP1086: 4/7/2010 2:48:38 PM - System Checkpoint
    RP1087: 4/8/2010 3:01:25 PM - System Checkpoint
    RP1088: 4/10/2010 3:48:55 AM - System Checkpoint
    RP1089: 4/11/2010 11:05:09 AM - System Checkpoint
    RP1090: 4/12/2010 7:25:05 PM - System Checkpoint
    RP1091: 4/14/2010 3:23:01 AM - Software Distribution Service 3.0
    RP1092: 4/15/2010 9:21:41 AM - System Checkpoint
    RP1093: 4/16/2010 7:02:24 PM - System Checkpoint
    RP1094: 4/18/2010 8:55:38 AM - System Checkpoint
    RP1095: 4/19/2010 9:19:01 AM - System Checkpoint
    RP1096: 4/21/2010 1:52:45 PM - System Checkpoint
    RP1097: 4/22/2010 7:16:52 PM - System Checkpoint
    RP1098: 4/22/2010 8:47:32 PM - Installed Cisco AnyConnect VPN Client
    RP1099: 4/24/2010 5:24:16 PM - System Checkpoint
    RP1100: 4/25/2010 6:01:05 PM - System Checkpoint
    RP1101: 4/26/2010 6:16:17 PM - System Checkpoint
    RP1102: 4/28/2010 1:26:38 PM - System Checkpoint
    RP1103: 4/30/2010 5:45:26 AM - System Checkpoint
    RP1104: 5/1/2010 5:46:39 AM - System Checkpoint
    RP1105: 5/2/2010 3:35:30 PM - System Checkpoint
    RP1106: 5/4/2010 12:32:32 AM - System Checkpoint
    RP1107: 5/5/2010 9:55:53 AM - System Checkpoint
    RP1108: 5/7/2010 5:56:21 PM - System Checkpoint
    RP1109: 5/9/2010 8:12:40 AM - System Checkpoint
    RP1110: 5/10/2010 2:58:24 PM - System Checkpoint
    RP1111: 5/11/2010 5:41:06 PM - System Checkpoint
    RP1112: 5/13/2010 7:42:57 AM - Software Distribution Service 3.0
    RP1113: 5/14/2010 2:25:08 PM - System Checkpoint
    RP1114: 5/16/2010 10:53:57 AM - System Checkpoint
    RP1115: 5/17/2010 3:55:50 PM - System Checkpoint
    RP1116: 5/19/2010 8:54:30 AM - System Checkpoint
    RP1117: 5/21/2010 7:03:49 PM - System Checkpoint
    RP1118: 5/23/2010 12:45:27 PM - System Checkpoint
    RP1119: 5/24/2010 1:48:34 PM - System Checkpoint
    RP1120: 5/26/2010 5:50:17 AM - System Checkpoint
    RP1121: 5/27/2010 5:39:24 AM - Software Distribution Service 3.0
    RP1122: 5/28/2010 7:46:51 AM - System Checkpoint
    RP1123: 5/29/2010 10:25:17 AM - System Checkpoint
    RP1124: 5/30/2010 10:51:24 PM - System Checkpoint
    RP1125: 6/1/2010 2:21:41 AM - System Checkpoint
    RP1126: 6/3/2010 12:24:45 PM - System Checkpoint
    RP1127: 6/4/2010 2:21:15 PM - System Checkpoint
    RP1128: 6/6/2010 9:11:16 AM - Installed Windows Internet Explorer 8.

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 3
    ArcSoft ShowBiz 2
    Bonjour
    BUM
    Cisco AnyConnect VPN Client
    Comcast User Setup
    Compatibility Pack for the 2007 Office system
    CreativeProjects
    Director
    Disney Toontown Online
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    GdiplusUpgrade
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet Preloaded Printer Drivers
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.0
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Update
    HPImageZone
    HPIZ Fix2
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player
    iPod for Windows User Guide
    iPod System Software Updater 2.1
    iTunes
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.1_02
    Java Auto Updater
    Java Web Start
    KODAK EASYSHARE Gallery Easy Upload, v2.0
    KODAK EASYSHARE Gallery Upload ActiveX Control
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works 7.0
    Move Media Player
    Mozilla Firefox (1.0.7)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Card Reader
    MUSICMATCH® Jukebox
    Nikon Message Center
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP Display Drivers
    OmniPass
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picasa 2
    PictureProject
    PrintScreen
    PS2
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quicken 2003 New User Edition
    QuickProjects
    QuickTime
    RecordNow!
    Roxio MyDVD Premier 8
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SkinsHP1
    SkinsHP2
    Slyder from Hewlett-Packard Desktops (remove only)
    SmartDraw 2009
    Sonic Update Manager
    Spybot - Search & Destroy
    STX from Hewlett-Packard Desktops (remove only)
    toolkit
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP
    Virtual Warfare from Hewlett-Packard Desktops (remove only)
    WD Diagnostics
    WebFldrs XP
    Weblink
    WildTangent GameChannel (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    WordPerfect Office 11
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    6/6/2010 8:56:07 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    6/5/2010 9:52:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    6/3/2010 11:06:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nv_agp SISAGP viaagp1
    6/2/2010 9:05:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments " " in order to run the server: {69AD4AEE-51BE-439B-A92C-86AE490E8B30}
    6/2/2010 8:54:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/2/2010 7:18:18 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/2/2010 7:18:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    6/2/2010 12:39:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    6/2/2010 12:38:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/2/2010 12:17:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    6/1/2010 10:38:15 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
    6/1/2010 10:37:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    6/1/2010 10:37:33 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/1/2010 10:37:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    5/31/2010 12:38:00 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000C6EDD66BE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/31/2010 12:34:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    5/31/2010 12:34:59 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/31/2010 12:31:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    5/30/2010 9:25:17 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    5/30/2010 8:00:34 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    5/30/2010 4:25:55 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    5/30/2010 4:25:44 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/30/2010 4:25:44 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/30/2010 4:24:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/30/2010 4:16:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/30/2010 3:41:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

    ==== End Of File ===========================
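    The "Event Viewer Messages From Past Week" block above is the part of Attach.txt that carries a timeline. The following is an added example written for this page, not part of the original post and not part of DDS: it parses those event lines, pulls the service name out of the Service Control Manager and DCOM messages that recur in the log, and decodes the Win32 error code DCOM event 10005 reports as "%<code>". The two codes present in the log have documented meanings: 1053 is ERROR_SERVICE_REQUEST_TIMEOUT, and 1084 is ERROR_NOT_SAFEBOOT_SERVICE ("This service cannot be started in Safe Mode"), so every 1084 marks a moment the machine was running in Safe Mode. The sample input is eight lines copied from the log above; the message patterns match the wording shown there and are not a complete catalogue of Windows event text.

```python
"""Reading the event block of a DDS Attach.txt.  Added example written for
this page; it is not part of the forum post above and not part of DDS."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DCOM_CODE_RE = re.compile(r'got error "%(?P<code>\d+)"')
# Message shapes that carry a service name, in the wording the log shows.
SVC_PATTERNS = [
    re.compile(r"^The (?P<svc>.+?) service failed to start"),
    re.compile(r"^The (?P<svc>.+?) service terminated"),
    re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
    re.compile(r"response from the (?P<svc>.+?) service\."),
    re.compile(r"attempting to start the service (?P<svc>.+?) with arguments"),
]
# Documented Win32 error codes for the two values that appear in the log.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (service did not respond in time)",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE (service cannot be started in Safe Mode)",
}

# Constructed input: eight lines copied from the Attach.txt posted above.
SAMPLE_EVENTS = r"""
6/6/2010 8:56:07 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
6/2/2010 9:05:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments " " in order to run the server: {69AD4AEE-51BE-439B-A92C-86AE490E8B30}
6/2/2010 7:18:18 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/2/2010 7:18:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
6/1/2010 10:37:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
5/31/2010 12:38:00 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000C6EDD66BE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/31/2010 12:34:59 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 4:24:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"""


@dataclass
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text: str) -> list[Event]:
    events: list[Event] = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m["level"], m["source"], int(m["id"]), m["msg"]))
    return events


def service_name(ev: Event) -> str | None:
    """Service named by the message, or None if the message is not about one."""
    for pat in SVC_PATTERNS:
        m = pat.search(ev.message)
        if m:
            return m["svc"]
    return None


def dcom_error(ev: Event) -> int | None:
    """Win32 error code carried by a DCOM 10005 event, else None."""
    if ev.source != "DCOM" or ev.event_id != 10005:
        return None
    m = DCOM_CODE_RE.search(ev.message)
    return int(m["code"]) if m else None


def failed_services(events: list[Event]) -> dict[str, list[int]]:
    """Map each service named in a failure message to the event IDs it produced."""
    out: dict[str, list[int]] = defaultdict(list)
    for ev in events:
        svc = service_name(ev)
        if svc:
            out[svc].append(ev.event_id)
    return dict(out)


def safe_mode_days(events: list[Event]) -> list[str]:
    """ISO dates on which DCOM reported 1084, i.e. the system was in Safe Mode."""
    return sorted({ev.when.date().isoformat() for ev in events if dcom_error(ev) == 1084})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("Safe Mode days:", safe_mode_days(evs))
    for svc, ids in failed_services(evs).items():
        print(f"{svc}: events {ids}")
    for ev in evs:
        code = dcom_error(ev)
        if code is not None:
            print(f"{ev.when:%Y-%m-%d %H:%M} DCOM %{code}: {WIN32_ERRORS.get(code, 'unknown')}")
```

    On the sample it places the box in Safe Mode on 5/30 and 6/2, and groups the Application Layer Gateway Service's 7009 timeout with its 7000 start failure, which is the pairing to look for before reading any single service error on its own.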
     
  5. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/06/07
    willskinjam

    willskinjam Inactive Thread Starter

    Joined:
    2010/06/06
    Messages:
    5
    Likes Received:
    0
    Please see ComboFix log below

    ComboFix 10-06-07.03 - Owner 06/07/2010 19:32:52.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.268 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\System
    c:\documents and settings\Owner\System\win_qs8.jqx
    c:\windows\inf\dm.PNF
    c:\windows\system32\917671
    c:\windows\system32\PRAGMAerrors.log
    C:\xcrashdump.dat
    D:\Autorun.inf

    Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
    .

    2010-06-06 13:10 . 2010-06-06 13:12 -------- dc-h--w- c:\windows\ie8
    2010-06-04 18:43 . 2010-06-05 00:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\nrysubavc
    2010-06-03 23:56 . 2010-06-03 23:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-06-03 23:51 . 2010-06-07 10:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-06-03 10:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-03 10:48 . 2010-06-03 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-03 10:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-02 04:59 . 2010-06-02 05:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-01 20:16 . 2010-06-01 20:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-01 06:35 . 2010-06-01 06:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-06-01 06:35 . 2010-06-01 06:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-05-31 02:19 . 2010-05-31 02:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
    2010-05-30 11:21 . 2010-05-30 20:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\bmwfnotts
    2010-05-22 21:54 . 2010-05-22 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-22 21:46 . 2010-05-22 21:46 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-07 23:57 . 2003-08-23 14:12 109912 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-07 10:14 . 2006-07-18 01:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-06-07 10:13 . 2006-07-18 01:02 -------- d-----w- c:\program files\Roxio
    2010-06-07 10:13 . 2006-07-18 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2010-06-07 10:02 . 2008-10-25 23:28 -------- d-----w- c:\program files\Picasa2
    2010-06-07 09:55 . 2004-05-14 01:03 -------- d-----w- c:\program files\Google
    2010-06-07 09:51 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-07 09:50 . 2008-10-25 23:24 -------- d-s---w- c:\documents and settings\All Users\Application Data\Memeo
    2010-06-02 05:00 . 2007-07-20 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-01 23:04 . 2003-08-29 03:19 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
    2010-06-01 22:42 . 2004-03-31 02:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2010-05-31 02:20 . 2007-07-19 13:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-22 21:56 . 2004-09-18 14:54 -------- d-----w- c:\program files\iTunes
    2010-05-22 21:55 . 2004-03-31 02:15 -------- d-----w- c:\program files\iPod
    2010-05-22 21:55 . 2007-11-24 20:23 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-22 21:50 . 2005-10-17 22:52 -------- d-----w- c:\program files\QuickTime
    2010-05-12 01:36 . 2010-01-12 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
    2010-05-12 00:37 . 2007-01-01 00:26 -------- d-----w- c:\program files\Common Files\Java
    2010-04-23 19:32 . 2007-11-24 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-04-23 00:48 . 2010-04-23 00:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Cisco
    2010-04-23 00:47 . 2010-04-23 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco
    2010-04-23 00:47 . 2010-04-23 00:47 -------- d-----w- c:\program files\Cisco
    2010-04-22 01:20 . 2010-04-22 01:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
    2010-04-16 12:33 . 2009-10-31 13:50 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-16 12:33 . 2007-11-24 20:24 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2005-09-15 22:26 . 2005-10-16 23:04 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2005-09-15 22:26 . 2005-10-16 23:04 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2005-09-15 22:26 . 2005-10-16 23:04 160871 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
    "NVIEW"="nview.dll" [2003-05-03 835654]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
    "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
    "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 980736]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-11-5 118784]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 1:40 PM 148768]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 4:39 PM 427192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2010 7:51 PM 136176]
    S2 mrtRate;mrtRate; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

    2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 23:51]

    2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 23:51]

    2010-06-07 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-03-25 11:29]

    2005-09-28 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-29 23:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.boston.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    Trusted Zone: hotmail.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.air-worldwide.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37350.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0107xnds.Default User\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.boston.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    HKLM-Run-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
    SSODL-Modonres-{314FE6AF-E6B1-46F5-9EBC-BD3CF69EB724} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-07 19:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\program files\Softex\OmniPass\opxpgina.dll

    - - - - - - - > 'explorer.exe'(3520)
    c:\windows\system32\nView.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\nvsvc32.exe
    c:\program files\Softex\OmniPass\Omniserv.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Softex\OmniPass\OPXPApp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    c:\windows\ALCXMNTR.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-07 20:10:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-08 00:10

    Pre-Run: 37,003,423,744 bytes free
    Post-Run: 39,719,366,656 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
    - - End Of File - - 31584BCAEDD5E79DE8A5F8A20AA4186E
     
  7. 2010/06/07
    broni

    broni Moderator Malware Analyst

    How is the redirection issue?

    Please download PragmaFix and double click on it to run it.
    A log will open, when scan is done.
    Post the log.

    Note - when you run PragmaFix you need an active internet connection!
     
  8. 2010/06/09
    willskinjam

    willskinjam Inactive Thread Starter

    PragmaFix log

    Hi there,

    The redirection issue is fixed, as are the other bugs. Thank you very much for your help. Will.
    _________________________________________

    Wed 06/09/2010 20:39:17.28

    No embedded null keys found
     
  9. 2010/06/09
    broni

    broni Moderator Malware Analyst

    Very good :)


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Tasks\Symantec NetDetect.job
    
    
    Folder::
    c:\documents and settings\Owner\Local Settings\Application Data\nrysubavc
    c:\program files\Symantec
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
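    The CFScript above undoes three things the ComboFix log shows were tampered with: a proxy pointing at the local machine (http=127.0.0.1:5555), a Security Center monitoring override under the ZoneLabsFirewall key, and a random-named folder under Local Settings\Application Data. As an added example that is not part of this thread and not ComboFix's own code, the Python script below reads ComboFix output and flags exactly those indicators, plus the "Infected copy of ... was found and disinfected" line and a disabled Windows Firewall policy. The sample lines are constructed from entries in the log posted earlier, and the severity labels and the vowel-poor folder-name heuristic are my own assumptions, not anything ComboFix defines.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, indicator, detail)

# Constructed sample in the shape ComboFix prints, built from indicators that
# appear in the log posted earlier in this thread; it is not a complete log.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
2010-06-04 18:43 . 2010-06-05 00:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\nrysubavc
2010-06-03 10:48 . 2010-06-03 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://www.boston.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

PROXY_RE = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?:https?=)?(?P<host>[\w.\-]+):(?P<port>\d+)", re.I)
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.I)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
# Heuristic (my assumption): short, lowercase, vowel-poor folder names directly
# under Application Data, the pattern of the dropper folders in the log above.
APPDATA_DIR_RE = re.compile(r"\\Application Data\\(?P<name>[a-z]{8,10})$")
LOOPBACK_PREFIXES = ("127.", "localhost")


def triage_combofix(text: str) -> List[Finding]:
    """Scan ComboFix output for settings that malware commonly tampers with."""
    findings: List[Finding] = []
    current_key = ""  # registry key the following "name"=value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            host, port = m.group("host"), m.group("port")
            if host.startswith(LOOPBACK_PREFIXES):
                findings.append(("high", "loopback-proxy",
                                 f"browser traffic routed through local port {port} ({host}); "
                                 "a common cause of search redirects"))
            else:
                findings.append(("review", "proxy", f"proxy set to {host}:{port}"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(("high", "patched-driver",
                             f"{m.group('path')} was patched (rootkit-style infection)"))
            continue
        if DISABLE_MON_RE.match(line) and r"security center\monitoring" in current_key:
            product = current_key.rsplit("\\", 1)[-1]
            findings.append(("medium", "security-center-monitoring-off",
                             f"Security Center no longer monitors '{product}'"))
            continue
        if FIREWALL_OFF_RE.match(line) and "firewallpolicy" in current_key:
            findings.append(("info", "windows-firewall-off",
                             "Windows Firewall policy disabled; expected when a third-party "
                             "firewall such as ZoneAlarm is installed, otherwise suspicious"))
            continue
        m = APPDATA_DIR_RE.search(line)
        if m and sum(c in "aeiou" for c in m.group("name")) <= 2:
            findings.append(("review", "random-appdata-folder",
                             f"{m.group('name')}: random-looking folder name, confirm manually"))
    return findings


if __name__ == "__main__":
    for severity, indicator, detail in triage_combofix(SAMPLE_LOG):
        print(f"[{severity:6}] {indicator}: {detail}")
```

    The script only reads the log; it changes nothing on the machine, and the "review"/"info" findings are meant for a human to confirm against the rest of the log (here, for instance, the disabled Windows Firewall is expected because ZoneAlarm is the active firewall).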
     
  10. 2010/06/15
    broni

    broni Moderator Malware Analyst

    Are you still out there?
     
  11. 2010/06/16
    willskinjam

    willskinjam Inactive Thread Starter

    Yes, still here. Thanks for the help. ComboFix.txt included.

    ComboFix 10-06-16.02 - Owner 06/16/2010 20:27:16.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.294 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    "c:\windows\Tasks\Symantec NetDetect.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Local Settings\Application Data\nrysubavc
    c:\program files\Symantec
    c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
    c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
    c:\program files\Symantec\LiveUpdate\LSETUP.EXE
    c:\program files\Symantec\LiveUpdate\LuAll.cnt
    c:\program files\Symantec\LiveUpdate\LUALL.EXE
    c:\program files\Symantec\LiveUpdate\LUALL.HLP
    c:\program files\Symantec\LiveUpdate\LuComServer.EXE
    c:\program files\Symantec\LiveUpdate\LuComServerPS.DLL
    c:\program files\Symantec\LiveUpdate\ludirloc.dat
    c:\program files\Symantec\LiveUpdate\LUINFO.INF
    c:\program files\Symantec\LiveUpdate\LUInit.exe
    c:\program files\Symantec\LiveUpdate\LUInit.ini
    c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
    c:\program files\Symantec\LiveUpdate\LuResult.txt
    c:\program files\Symantec\LiveUpdate\NDETECT.EXE
    c:\program files\Symantec\LiveUpdate\NetDetectController.DLL
    c:\program files\Symantec\LiveUpdate\ProductRegCom.DLL
    c:\program files\Symantec\LiveUpdate\ProductRegComPS.DLL
    c:\program files\Symantec\LiveUpdate\README.TXT
    c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
    c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
    c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
    c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
    c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
    c:\windows\Tasks\Symantec NetDetect.job
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
    .

    2010-06-15 20:56 . 2010-06-15 20:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-06-10 00:39 . 2006-11-01 17:06 162616 ----a-w- c:\windows\RegDelNull.exe
    2010-06-09 18:51 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-06 13:10 . 2010-06-06 13:12 -------- dc-h--w- c:\windows\ie8
    2010-06-03 23:56 . 2010-06-03 23:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-06-03 23:51 . 2010-06-07 10:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-06-03 10:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-03 10:48 . 2010-06-03 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-03 10:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-02 04:59 . 2010-06-02 05:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-01 20:16 . 2010-06-01 20:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-01 06:35 . 2010-06-01 06:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-06-01 06:35 . 2010-06-01 06:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-05-31 02:19 . 2010-05-31 02:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
    2010-05-30 11:21 . 2010-05-30 20:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\bmwfnotts
    2010-05-22 21:54 . 2010-05-22 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-22 21:46 . 2010-05-22 21:46 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-10 11:24 . 2010-06-10 11:24 38072 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_08_05_29_39_small.dmp.zip
    2010-06-08 09:29 . 2010-06-08 09:29 35569 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_07_20_15_56_small.dmp.zip
    2010-06-07 23:57 . 2003-08-23 14:12 109912 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-07 23:31 . 2010-06-07 23:31 36232 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_07_05_57_29_small.dmp.zip
    2010-06-07 10:14 . 2006-07-18 01:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-06-07 10:13 . 2006-07-18 01:02 -------- d-----w- c:\program files\Roxio
    2010-06-07 10:13 . 2006-07-18 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2010-06-07 10:02 . 2008-10-25 23:28 -------- d-----w- c:\program files\Picasa2
    2010-06-07 09:56 . 2010-06-07 09:56 41637 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_07_05_43_29_small.dmp.zip
    2010-06-07 09:55 . 2004-05-14 01:03 -------- d-----w- c:\program files\Google
    2010-06-07 09:51 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-07 09:50 . 2008-10-25 23:24 -------- d-s---w- c:\documents and settings\All Users\Application Data\Memeo
    2010-06-07 08:38 . 2010-06-07 08:38 55461 ----a-w- c:\windows\Internet Logs\GLB75_2nd_2010_06_06_19_52_23_small.dmp.zip
    2010-06-07 08:38 . 2010-06-07 08:38 37042 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_06_16_38_04_small.dmp.zip
    2010-06-07 08:38 . 2010-06-07 08:38 56429 ----a-w- c:\windows\Internet Logs\GLB33_2nd_2010_06_06_18_28_17_small.dmp.zip
    2010-06-07 08:38 . 2010-06-07 08:38 13267497 ----a-w- c:\windows\Internet Logs\GLB2C_2nd_2010_06_06_17_30_45_full.dmp.zip
    2010-06-06 20:37 . 2010-06-06 20:37 37958 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_06_06_09_16_52_small.dmp.zip
    2010-06-02 05:00 . 2007-07-20 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-01 23:04 . 2003-08-29 03:19 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
    2010-06-01 22:42 . 2004-03-31 02:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2010-05-31 02:20 . 2007-07-19 13:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-22 21:56 . 2004-09-18 14:54 -------- d-----w- c:\program files\iTunes
    2010-05-22 21:55 . 2004-03-31 02:15 -------- d-----w- c:\program files\iPod
    2010-05-22 21:55 . 2007-11-24 20:23 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-22 21:50 . 2005-10-17 22:52 -------- d-----w- c:\program files\QuickTime
    2010-05-12 01:36 . 2010-01-12 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
    2010-05-12 00:37 . 2007-01-01 00:26 -------- d-----w- c:\program files\Common Files\Java
    2010-05-06 10:41 . 2005-06-18 03:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2003-08-08 15:35 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-23 19:32 . 2007-11-24 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-04-23 00:48 . 2010-04-23 00:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Cisco
    2010-04-23 00:47 . 2010-04-23 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco
    2010-04-23 00:47 . 2010-04-23 00:47 -------- d-----w- c:\program files\Cisco
    2010-04-22 01:20 . 2010-04-22 01:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
    2010-04-20 05:30 . 2003-08-08 16:18 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 12:33 . 2009-10-31 13:50 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-16 12:33 . 2007-11-24 20:24 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2005-09-15 22:26 . 2005-10-16 23:04 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2005-09-15 22:26 . 2005-10-16 23:04 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2005-09-15 22:26 . 2005-10-16 23:04 160871 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
    "NVIEW"="nview.dll" [2003-05-03 835654]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
    "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
    "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 980736]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-11-5 118784]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 1:40 PM 148768]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 4:39 PM 427192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2010 7:51 PM 136176]
    S2 mrtRate;mrtRate; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

    2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 23:51]

    2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 23:51]

    2010-06-10 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-03-25 11:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.boston.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    Trusted Zone: hotmail.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.air-worldwide.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37350.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0107xnds.Default User\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.boston.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5); // The number of pending Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-16 20:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(580)
    c:\program files\Softex\OmniPass\opxpgina.dll
    .
    Completion time: 2010-06-16 20:53:14
    ComboFix-quarantined-files.txt 2010-06-17 00:53
    ComboFix2.txt 2010-06-08 00:10

    Pre-Run: 38,941,593,600 bytes free
    Post-Run: 39,174,840,320 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
    - - End Of File - - 88DDB6460477DA45F81B8BC3F9A2ABD3
     
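    An analyst reads a ComboFix report like the one above section by section: the Run-key autoruns, the firewall policy and the service list are the first places checked. As an added example that is not part of this thread, here is a small Python triage script run over a constructed excerpt of that report (entry names and values copied from the log; the parsing logic is mine, not ComboFix's):

```python
import re

# Constructed excerpt in the layout ComboFix uses (entries copied from the
# log posted above); the parsing code is an added example, not ComboFix's.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 4:39 PM 427192]
S2 mrtRate;mrtRate; [x]
"""

# "Name"="image" [YYYY-MM-DD size] lines under the Run keys.
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$', re.M)
# start type, service name, display name, image; ComboFix prints [x] when it
# finds no file for the service.
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$', re.M)
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)

def parse_run_entries(log):
    """Return [(name, image, date, size)] for every Run-key value in the log."""
    return [(n, img, d, int(sz)) for n, img, d, sz in RUN_RE.findall(log)]

def bare_image_names(entries):
    """Autoruns given as a bare file name: these are resolved through the
    search path at logon, so locate the file that actually runs."""
    return [name for name, image, _, _ in entries if "\\" not in image]

def firewall_disabled(log):
    """True when the Windows Firewall standard profile is off (a third-party
    firewall may be the active one, so confirm which before calling it a finding)."""
    m = FW_RE.search(log)
    return m is not None and int(m.group(1)) == 0

def services_missing_image(log):
    """Service names ComboFix flagged with [x] (no image file on disk)."""
    return [name for _, name, _, image in SVC_RE.findall(log)
            if image.strip() == "[x]"]

def triage(log):
    entries = parse_run_entries(log)
    return {
        "autoruns": len(entries),
        "bare_image_autoruns": bare_image_names(entries),
        "windows_firewall_off": firewall_disabled(log),
        "services_without_file": services_missing_image(log),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```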
  12. 2010/06/16
    broni Moderator Malware Analyst

    Good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    Now, it's time to install a fresh AV program.
    Download and install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    =================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/06/23
    broni Moderator Malware Analyst

    Are you still out there?
     