Sorry - I misunderstood / misread; here are the posted logs as requested.
Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT (REMARK - THOUGHT THIS MEANT IT WAS TO BE ATTACHED)
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/19/2009 3:16:25 PM
System Uptime: 7/24/2010 1:54:54 PM (31 hours ago)
Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2 | 1803/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 22.979 GiB free.
D: is FIXED (NTFS) - 104 GiB total, 1.252 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 7 GiB total, 0.509 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&51
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&A0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&A0
Service:
==== System Restore Points ===================
RP319: 7/25/2010 3:55:29 AM - System Checkpoint
==== Installed Programs ======================
a-squared Free 4.5
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AirPlus Xtreme G
ANIO Service
ANIWZCS Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Toolbar
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CDDRV_Installer
Cinema Tycoon 2 - Movie Mania (remove only)
Fairy Godmother Tycoon (remove only)
Farm Frenzy 3 (remove only)
FLAC 1.2.1b (remove only)
H&R Block Basic + Efile 2009
H&R Block Ohio 2009
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Inkjet Printer/Scanner Extended Survey Program
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Jojos Fashion Show World Tour (remove only)
KhalInstallWrapper
Linksys Wireless Manager
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
McAfee Security Scan
McAfee Virtual Technician
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mkw Audio Compression Toolkit
Mozilla Firefox (3.6.
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB954459)
Mystery Case Files Return to Ravenhearst (remove only)
NVIDIA Drivers
OpenOffice.org 3.1
Princess Isabella - A Witchs Curse (remove only)
Pure Networks Platform
QuickTime
Realtek AC'97 Audio
RegCure
Rhapsody
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sound Blaster Audigy
Spy Sweeper Core
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware
Total Annihilation: Kingdoms
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.5
WD Anywhere Backup
WebFldrs XP
Webroot AntiVirus with Spy Sweeper
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2009
WinZip 14.5
Yahoo! Anti-Spy
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/25/2010 8:11:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/25/2010 8:10:55 PM, error: Service Control Manager [7034] - The Inkjet Printer/Scanner Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 8:49:52 PM, error: WMPNetworkSvc [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
7/24/2010 6:19:17 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.7 with the system having network hardware address F8:1E:DF:B9:2F:A9. Network operations on this system may be disrupted as a result.
7/24/2010 2:12:26 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/24/2010 2:01:21 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
7/24/2010 2:00:58 PM, error: Dhcp [1002] - The IP address lease 10.0.0.5 for the Network Card with network address 000D88E58C7E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
here is DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 20:13:56.17 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.993 [GMT -4:00]
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
============== Running Processes ===============
D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
D:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
D:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\James.JAMES-DESKTOP\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - d:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - d:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] "d:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [TaskTray] "d:\program files\creative\sbaudigy\taskbar\CTLTray.exe"
uRun: [Taskbar] "d:\program files\creative\sbaudigy\taskbar\CTLTask.exe"
uRun: [ctfmon.exe] "d:\windows\system32\ctfmon.exe"
uRun: [WMPNSCFG] "d:\program files\windows media player\WMPNSCFG.exe"
mRun: [D-Link AirPlus Xtreme G] "d:\program files\d-link\airplus xtreme g\AirPlusCFG.exe"
mRun: [ANIWZCSService] "d:\program files\alpha networks\aniwzcs service\WZCSLDR.exe"
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" d:\windows\system32\NvCpl.dll,NvStartup
mRun: [CanonSolutionMenu] "d:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun: [CanonMyPrinter] "d:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [WinPatrol] "d:\program files\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [WD Anywhere Backup] "d:\program files\wd\wd anywhere backup\MemeoLauncher2.exe" --silent
mRun: [UpdReg] "d:\windows\Updreg.exe"
mRun: [CTStartup] "d:\program files\creative\sbaudigy\program\CTEaxSpl.EXE" /run
mRun: [Jet Detection] "d:\program files\creative\sbaudigy\program\ADGJDet.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "d:\program files\windows defender\MSASCui.exe" -hide
mRun: [SpySweeper] "d:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: d:\docume~1\james~1.jam\startm~1\programs\startup\openof~1.lnk - d:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\logite~2.lnk - d:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5988380234
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - d:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\james~1.jam\applic~1\mozilla\firefox\profiles\o9fabn40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.msn.co ... fforum.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: d:\documents and settings\james.james-desktop\application data\mozilla\firefox\profiles\o9fabn40.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 a2free;a-squared Free Service;d:\program files\a-squared free\a2service.exe [2010-6-24 1872320]
R2 MemeoBackgroundService;MemeoBackgroundService;d:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;d:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WinDefend;Windows Defender;d:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;d:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-10-29 1201640]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);d:\windows\system32\drivers\A3AB.sys [2003-10-22 344800]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);d:\windows\system32\drivers\e10kx2k.sys [2001-7-13 1745168]
S2 0247471256399842mcinstcleanup;McAfee Application Installer Cleanup (0247471256399842);d:\docume~1\james~1.jam\locals~1\temp\024747~1.exe d:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> d:\docume~1\james~1.jam\locals~1\temp\024747~1.exe d:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2009-10-19 34248]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;d:\windows\system32\drivers\WUSB54GCv3.sys [2009-12-28 627072]
=============== Created Last 30 ================
2010-07-17 19:10:11 0 d-----w- d:\program files\Trend Micro
2010-07-08 22:52:07 0 d-----w- d:\docume~1\alluse~1.win\applic~1\RegCure
2010-06-29 03:54:21 0 d-----w- d:\docume~1\alluse~1.win\applic~1\FarmFrenzy3
==================== Find3M ====================
2010-05-18 20:35:16 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-05-18 20:35:16 75040 ----a-w- d:\windows\system32\jdns_sd.dll
2010-05-18 20:35:16 197920 ----a-w- d:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- d:\windows\system32\dns-sd.exe
2010-05-10 22:40:05 411368 ----a-w- d:\windows\system32\deployJava1.dll
2009-10-25 21:25:46 32768 --sha-w- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102520091026\index.dat
============= FINISH: 20:15:42.30 ===============
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 07:39:00
Windows 5.1.2600 Service Pack 3
Running: qssfoi01.exe; Driver: D:\DOCUME~1\JAMES~1.JAM\LOCALS~1\Temp\awlyqaow.sys
---- System - GMER 1.0.15 ----
SSDT 8A712210 ZwAllocateVirtualMemory
SSDT 8A75CA58 ZwCreateKey
SSDT 8A75B168 ZwCreateProcess
SSDT 8A75D120 ZwCreateProcessEx
SSDT 8A758020 ZwCreateThread
SSDT 8A7011E8 ZwDeleteKey
SSDT 8A67A318 ZwDeleteValueKey
SSDT 8A712288 ZwQueueApcThread
SSDT 8A74EA08 ZwReadVirtualMemory
SSDT 8A6D0180 ZwRenameKey
SSDT 8A695FA8 ZwSetContextThread
SSDT 8A74E070 ZwSetInformationKey
SSDT 8A695A70 ZwSetInformationProcess
SSDT 8A757238 ZwSetInformationThread
SSDT 8A75D398 ZwSetValueKey
SSDT 8A6EECB0 ZwSuspendProcess
SSDT 8A695F30 ZwSuspendThread
SSDT 8A67A098 ZwTerminateProcess
SSDT 8A764748 ZwTerminateThread
SSDT 8A712198 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes CALL 5ADA8CB6
.text ntkrnlpa.exe!ZwCallbackReturn + 2654 80501E8C 4 Bytes JMP 8A608A74
.text D:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB66E0360, 0x3D46A5, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\a-squared Free\a2service.exe[144] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454E05 D:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
.text D:\WINDOWS\Explorer.EXE[776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text D:\WINDOWS\Explorer.EXE[776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text D:\WINDOWS\Explorer.EXE[776] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text D:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text D:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text D:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text D:\WINDOWS\System32\svchost.exe[1324] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text D:\WINDOWS\System32\svchost.exe[1324] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D8000A
.text D:\Program Files\Mozilla Firefox\firefox.exe[3712] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A
.text D:\Program Files\Mozilla Firefox\firefox.exe[3712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A
.text D:\Program Files\Mozilla Firefox\firefox.exe[3712] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[3864] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip 8A374120
Device \Driver\Tcpip \Device\Ip 8A557CC0
Device \Driver\Tcpip \Device\Ip 8A6D9628
Device \Driver\Tcpip \Device\Ip 89492340
Device \Driver\Tcpip \Device\Ip 895E5630
Device \Driver\Tcpip \Device\Ip 8A2C7608
Device \Driver\Tcpip \Device\Tcp 8A374120
Device \Driver\Tcpip \Device\Tcp 8A557CC0
Device \Driver\Tcpip \Device\Tcp 8A6D9628
Device \Driver\Tcpip \Device\Tcp 89492340
Device \Driver\Tcpip \Device\Tcp 895E5630
Device \Driver\Tcpip \Device\Tcp 8A2C7608
Device \Driver\Tcpip \Device\Udp 8A374120
Device \Driver\Tcpip \Device\Udp 8A557CC0
Device \Driver\Tcpip \Device\Udp 8A6D9628
Device \Driver\Tcpip \Device\Udp 89492340
Device \Driver\Tcpip \Device\Udp 895E5630
Device \Driver\Tcpip \Device\Udp 8A2C7608
Device \Driver\Tcpip \Device\RawIp 8A374120
Device \Driver\Tcpip \Device\RawIp 8A557CC0
Device \Driver\Tcpip \Device\RawIp 8A6D9628
Device \Driver\Tcpip \Device\RawIp 89492340
Device \Driver\Tcpip \Device\RawIp 895E5630
Device \Driver\Tcpip \Device\RawIp 8A2C7608
Device \Driver\Tcpip \Device\IPMULTICAST 8A374120
Device \Driver\Tcpip \Device\IPMULTICAST 8A557CC0
Device \Driver\Tcpip \Device\IPMULTICAST 8A6D9628
Device \Driver\Tcpip \Device\IPMULTICAST 89492340
Device \Driver\Tcpip \Device\IPMULTICAST 895E5630
Device \Driver\Tcpip \Device\IPMULTICAST 8A2C7608
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
---- EOF - GMER 1.0.15 ----