WiredWX Christian Hobby Weather Tools
generic downloader.x!dxz
Hi there,

I'm not a very computer-literate person, so please be gentle with me. I really need someone's help to fix a few issues.

1. I keep getting a repeated message that Windows Defender has finished downloading an update. I keep clicking OK, but the same message will appear again a little while later. How do I get rid of this issue???

2. I have McAfee as my computer protection and have been pleased with how it works. I do regular scans to detect troubles and it fixes them, no problems. However, just recently I have found a problem that I cannot get rid of. There seems to be a Trojan called Generic Downloader.x!dxz. Since this has been on the computer, Internet Explorer opens up secondary windows to web sites I do not want. Also the system seems to have slowed down dramatically and at times will freeze up. It was sooo bad the other day I had to boot up the computer in SAFE mode just to see if it would start. It did, so I rebooted in normal mode and it worked OK but ran very slow.

Please help me with these issues; it's driving me insane.


Kind regards,

Blueboy76

P.S. I have attached the OTL scan you asked for in the intro page. Hope this is correct. I cut and pasted it into MS Word, so I hope it works for you.

Re: generic downloader.x!dxz
Hello.
No attachments are in your post??

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Scan results that were missing
Hi there,

My apologies for the missing attachment. I could've sworn it was attached. Anyhow, let's try again.

Regards,
Blueboy76

Re: generic downloader.x!dxz
Hello.
I can't open docx files, please post the logs instead.


Re: generic downloader.x!dxz
My scan results don't fit here. They're too big. Please explain how to send them so you can open them to help me. Like I said earlier, I'm really not that great at working computer stuff without specific instructions. I really don't want to waste your valuable time.

Regards,

Blueboy

Re: generic downloader.x!dxz
Hello.
Okay, please copy all the logs into a .txt file instead of .docx and then attach the .txt file.


.txt file you required
Hi Belahzur,
I appreciate your time here, so thanks for that. Please find the .txt file you require attached. I hope I've done it right.

Cheers,
Blueboy76

Re: generic downloader.x!dxz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/06/06 17:38:36 | 000,147,456 | -HS- | M] (Artem Izmaylov) -- C:\Users\Ken\AppData\Roaming\SystemProc\lsass.exe
    O2 - BHO: (no name) - {0000DB19-BF6D-413C-BDEE-37D6594E583c} - C:\ProgramData\dwmredir32.dll ()
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - AppInit_DLLs: (C:\Windows\system32\crtdll32.dll) - C:\Windows\System32\crtdll32.dll ()
    [2010/05/22 21:19:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
    [2010/05/22 21:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\1794963555
    [2010/05/22 21:19:18 | 000,000,000 | -HSD | C] -- C:\Users\Ken\AppData\Roaming\SystemProc
    [2010/06/08 10:50:33 | 000,304,640 | ---- | M] () -- C:\ProgramData\dwmredir32.dll
    [2010/06/08 12:41:24 | 000,000,114 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\84e9803


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


generic downloader
Hi again,
Please see the log below. After I completed the log, Windows displayed a message that read "Windows encountered a critical problem and will restart in one minute. Please save your work now". Is this a normal message to receive after doing the scan? It made it very hard to post the scan in a reply before the computer shut down. I tried it three (3) times.

Cheers
Blueboy76

========== OTL ==========
Process lsass.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000DB19-BF6D-413C-BDEE-37D6594E583c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000DB19-BF6D-413C-BDEE-37D6594E583c}\ not found.
File C:\ProgramData\dwmredir32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\crtdll32.dll deleted successfully.
C:\Windows\System32\crtdll32.dll moved successfully.
Folder C:\ProgramData\SysWoW32\ not found.
C:\ProgramData\1794963555 folder moved successfully.
Folder C:\Users\Ken\AppData\Roaming\SystemProc\ not found.
File C:\ProgramData\dwmredir32.dll not found.

OTL by OldTimer - Version 3.2.5.3 log created on 06112010_233251
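The fix script above works because the helper recognised a handful of indicators by eye: a process with a core Windows name (lsass.exe) running from a user profile folder, unnamed BHOs pointing at DLLs dropped straight into C:\ProgramData, an AppInit_DLLs entry, and hidden+system folders created under ProgramData and AppData. The following is an added example, not code from the thread, OTL or ComboFix, that turns those same indicators into a small triage pass over OTL-style log lines. The sample input is the thread's own fix-script lines plus two constructed benign lines (the genuine System32 lsass.exe and a named vendor BHO) so the checks have something to pass as well as flag; the heuristics are the editor's reading of the log, not OTL's own rules.

```python
import re
from dataclasses import dataclass

# Added example (not OTL's or the forum's code): triage OTL log lines using
# the indicators the helper acted on in the fix script. Sample input below is
# taken from the thread, plus two CONSTRUCTED benign lines for contrast.
SAMPLE_LINES = r"""
PRC - [2010/06/06 17:38:36 | 000,147,456 | -HS- | M] (Artem Izmaylov) -- C:\Users\Ken\AppData\Roaming\SystemProc\lsass.exe
PRC - [2009/04/11 06:28:10 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
O2 - BHO: (no name) - {0000DB19-BF6D-413C-BDEE-37D6594E583c} - C:\ProgramData\dwmredir32.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\tbExample.dll (Example Corp)
O4 - HKLM..\Run: [] File not found
O20 - AppInit_DLLs: (C:\Windows\system32\crtdll32.dll) - C:\Windows\System32\crtdll32.dll ()
[2010/05/22 21:19:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/05/22 21:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\1794963555
[2010/05/22 21:19:18 | 000,000,000 | -HSD | C] -- C:\Users\Ken\AppData\Roaming\SystemProc
[2010/06/08 10:50:33 | 000,304,640 | ---- | M] () -- C:\ProgramData\dwmredir32.dll
"""

# Bracketed OTL entry: [timestamp | size | attributes | kind] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|(?P<kind>[^\]]+)\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$"
)
BHO = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<target>.+)$")
APPINIT = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<path>.+?)(?:\s*\([^)]*\))?\s*$")

# Process names that only belong in System32; anywhere else is a masquerade.
CORE_PROCESSES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe", "winlogon.exe", "svchost.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
DATA_ROOT = "c:\\programdata"


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_data_dir(path: str) -> bool:
    p = path.lower()
    return p.startswith(DATA_ROOT + "\\") or "\\appdata\\" in p


def triage_line(line: str):
    """Return a Finding for one OTL line, or None when nothing stands out."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("PRC - "):  # running process
        m = ENTRY.match(line[6:])
        if not m:
            return None
        path = m["path"]
        if _basename(path) in CORE_PROCESSES and _dirname(path) not in SYSTEM_DIRS:
            return Finding(line, "core Windows process name running outside System32")
        if "H" in m["attrs"] and "S" in m["attrs"]:
            return Finding(line, "running executable is marked hidden+system")
        return None
    if line.startswith("O2 - BHO:"):  # Internet Explorer Browser Helper Object
        m = BHO.match(line)
        if not m:
            return None
        if m["target"].startswith("No CLSID value found"):
            return Finding(line, "orphaned BHO registration (no CLSID)")
        if m["name"] == "no name" and _in_data_dir(m["target"]):
            return Finding(line, "unnamed BHO loading a DLL from a data directory")
        return None
    if line.startswith("O4 - ") and line.endswith("File not found"):  # Run key
        return Finding(line, "Run entry pointing at a missing file")
    if line.startswith("O20 - AppInit_DLLs:"):
        m = APPINIT.match(line)
        if m and m["value"].strip():
            return Finding(line, "AppInit_DLLs set: DLL loaded into every user32 process, review it")
        return None
    m = ENTRY.match(line)  # created/modified file or folder
    if m:
        path, attrs = m["path"], m["attrs"]
        if "H" in attrs and "S" in attrs and _in_data_dir(path):
            return Finding(line, "hidden+system item created in a data directory")
        if _dirname(path) == DATA_ROOT and _basename(path).endswith(".dll"):
            return Finding(line, "DLL dropped directly in the ProgramData root")
        if _dirname(path) == DATA_ROOT and _basename(path).isdigit():
            return Finding(line, "numeric-only folder name in ProgramData")
    return None


def triage(text: str) -> list:
    """Run triage_line over every line of an OTL log and keep the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the two constructed benign lines pass and the nine lines the helper moved or deleted are each flagged with the reason that made them stand out. The checks are deliberately narrow (exact directory match for System32, only the ProgramData root for bare DLLs) so that ordinary vendor software in Program Files or in a named ProgramData subfolder does not trip them; anything flagged is a candidate for review, not an automatic removal.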

Re: generic downloader.x!dxz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshots: the Firefox download dialog and the rename step]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: ComboFix Recovery Console prompt]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: ComboFix continue-scan prompt]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


ComboFix scan results
Hello Belahzur,

I followed your guide, and the scan results are below.

Cheers
Blueboy


ComboFix 10-06-13.01 - Ken 14/06/2010 14:52:55.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3018.1426 [GMT 10:00]
Running from: c:\users\Ken\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\d3d1032.dll
c:\programdata\dot3ui32.dll
c:\programdata\dsdmo32.dll
c:\programdata\unrar.exe
c:\users\Ken\AppData\Roaming\020000001c40465e924C.manifest
c:\users\Ken\AppData\Roaming\020000001c40465e924O.manifest
c:\users\Ken\AppData\Roaming\020000001c40465e924P.manifest
c:\users\Ken\AppData\Roaming\020000001c40465e924S.manifest
c:\users\Ken\AppData\Roaming\984D.tmp
c:\users\Ken\AppData\Roaming\D9A2.tmp
c:\users\Ken\AppData\Roaming\E197.tmp
c:\users\Ken\AppData\Roaming\inst.exe
c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}
c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\chrome.manifest
c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\chrome\xulcache.jar
c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\defaults\preferences\xulcache.js
c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\install.rdf
c:\users\Ken\AppData\Roaming\SystemProc
c:\users\Ken\AppData\Roaming\SystemProc\lsass.exe
c:\users\Ken\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\kenr\AppData\Roaming\Mozilla\Firefox\Profiles\ljwjaaw4.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}
c:\users\kenr\AppData\Roaming\Mozilla\Firefox\Profiles\ljwjaaw4.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\chrome.manifest
c:\users\kenr\AppData\Roaming\Mozilla\Firefox\Profiles\ljwjaaw4.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\chrome\xulcache.jar
c:\users\kenr\AppData\Roaming\Mozilla\Firefox\Profiles\ljwjaaw4.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\defaults\preferences\xulcache.js
c:\users\kenr\AppData\Roaming\Mozilla\Firefox\Profiles\ljwjaaw4.default\extensions\{052a9d35-911b-4e68-af6a-0431ae735258}\install.rdf
c:\users\kenr\GoToAssistDownloadHelper.exe
c:\windows\system32\CRTDLL32.DLL
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 05:12 . 2010-06-14 05:18 -------- d-----w- c:\users\Ken\AppData\Local\temp
2010-06-14 05:12 . 2010-06-14 05:12 -------- d-----w- c:\users\kenr\AppData\Local\temp
2010-06-14 05:12 . 2010-06-14 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-14 04:39 . 2010-06-14 04:49 -------- d-----w- C:\ComboFix
2010-06-11 13:37 . 2010-06-14 04:46 -------- d-----w- c:\programdata\1794963555
2010-06-11 13:10 . 2010-06-11 13:10 -------- d-----w- C:\_OTL
2010-06-11 00:54 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 00:51 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 00:51 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 00:50 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 13:45 . 2010-06-10 14:21 -------- d-----w- c:\windows\system32\wbem\Logs
2010-06-08 03:50 . 2010-06-08 03:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 03:47 . 2010-06-08 03:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-08 03:44 . 2010-06-08 14:57 -------- d-----w- c:\programdata\NOS
2010-05-31 04:48 . 2010-05-31 05:24 -------- d-----w- c:\users\Ken\AppData\Local\Microsoft Games
2010-05-31 03:31 . 2010-05-31 03:31 -------- d-----w- c:\program files\Microsoft Games
2010-05-29 10:25 . 2010-05-29 10:51 -------- d-----w- C:\TOY_STORY
2010-05-29 10:04 . 2010-06-11 17:15 -------- d-----w- c:\windows\Debug
2010-05-26 06:10 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 07:18 . 2010-05-12 01:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-25 04:47 . 2010-05-28 11:34 680 ----a-w- c:\users\Ken\AppData\Local\d3d9caps.dat
2010-05-22 11:18 . 2010-05-22 11:18 301056 ----a-w- c:\windows\system32\dmintf32.dll
2010-05-22 09:45 . 2010-04-12 07:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 03:17 . 2010-05-21 03:17 -------- d-----w- c:\programdata\McAfee Security Scan
2010-05-21 03:17 . 2010-05-24 04:42 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-18 06:09 . 2010-05-18 06:40 -------- d-----w- C:\RainMan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 04:08 . 2010-06-14 04:08 321024 ----a-w- c:\programdata\dimsjob32.dll
2010-06-14 04:08 . 2010-06-14 04:08 321024 ----a-w- c:\programdata\dimsjob32.dll
2010-06-11 17:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 17:30 . 2008-08-07 23:56 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 16:00 . 2010-03-30 02:56 -------- d-----w- c:\programdata\DriverCure
2010-06-11 13:07 . 2009-06-05 14:30 -------- d-----w- c:\program files\Safari
2010-06-11 13:01 . 2010-06-11 13:01 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-10 12:33 . 2010-06-10 12:33 321024 ----a-w- c:\programdata\d3d932.dll
2010-06-10 12:33 . 2010-06-10 12:33 321024 ----a-w- c:\programdata\d3d932.dll
2010-06-09 13:35 . 2009-08-01 08:54 -------- d-----w- c:\users\Ken\AppData\Roaming\Skype
2010-06-09 06:14 . 2009-08-01 09:07 -------- d-----w- c:\users\Ken\AppData\Roaming\skypePM
2010-06-08 03:44 . 2010-06-08 03:44 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-06 07:38 . 2010-06-06 07:38 309248 ----a-w- c:\programdata\encapi32.dll
2010-06-06 07:38 . 2010-06-06 07:38 309248 ----a-w- c:\programdata\encapi32.dll
2010-06-02 13:42 . 2010-06-02 13:42 309248 ----a-w- c:\programdata\eappcfg32.dll
2010-06-02 13:42 . 2010-06-02 13:42 309248 ----a-w- c:\programdata\eappcfg32.dll
2010-06-02 12:41 . 2010-06-02 12:41 311808 ----a-w- c:\programdata\fdSSDP32.dll
2010-06-02 12:41 . 2010-06-02 12:41 311808 ----a-w- c:\programdata\fdSSDP32.dll
2010-05-31 13:35 . 2010-05-31 13:35 311808 ----a-w- c:\programdata\d3dx9_2832.dll
2010-05-31 13:35 . 2010-05-31 13:35 311808 ----a-w- c:\programdata\d3dx9_2832.dll
2010-05-31 12:53 . 2010-05-31 12:53 311808 ----a-w- c:\programdata\dot3gpclnt32.dll
2010-05-31 12:53 . 2010-05-31 12:53 311808 ----a-w- c:\programdata\dot3gpclnt32.dll
2010-05-31 11:53 . 2010-05-31 11:53 311808 ----a-w- c:\programdata\dnsrslvr32.dll
2010-05-31 11:53 . 2010-05-31 11:53 311808 ----a-w- c:\programdata\dnsrslvr32.dll
2010-05-31 10:53 . 2010-05-31 10:53 311808 ----a-w- c:\programdata\dot3api32.dll
2010-05-31 10:53 . 2010-05-31 10:53 311808 ----a-w- c:\programdata\dot3api32.dll
2010-05-31 09:53 . 2010-05-31 09:53 311808 ----a-w- c:\programdata\dinput832.dll
2010-05-31 09:53 . 2010-05-31 09:53 311808 ----a-w- c:\programdata\dinput832.dll
2010-05-31 06:53 . 2010-05-31 06:53 311808 ----a-w- c:\programdata\ds16gt32.dll
2010-05-31 06:53 . 2010-05-31 06:53 311808 ----a-w- c:\programdata\ds16gt32.dll
2010-05-31 05:52 . 2010-05-31 05:52 311808 ----a-w- c:\programdata\glu3232.dll
2010-05-31 05:52 . 2010-05-31 05:52 311808 ----a-w- c:\programdata\glu3232.dll
2010-05-31 04:52 . 2010-05-31 04:52 311808 ----a-w- c:\programdata\FXSCOMPOSERES32.dll
2010-05-31 04:52 . 2010-05-31 04:52 311808 ----a-w- c:\programdata\FXSCOMPOSERES32.dll
2010-05-31 03:52 . 2010-05-31 03:52 311808 ----a-w- c:\programdata\findnetprinters32.dll
2010-05-31 03:52 . 2010-05-31 03:52 311808 ----a-w- c:\programdata\findnetprinters32.dll
2010-05-31 02:52 . 2010-05-31 02:52 311808 ----a-w- c:\programdata\fdWCN32.dll
2010-05-31 02:52 . 2010-05-31 02:52 311808 ----a-w- c:\programdata\fdWCN32.dll
2010-05-30 06:20 . 2010-05-30 06:20 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb193D.tmp.exe
2010-05-29 10:01 . 2010-05-09 10:48 -------- d-----w- c:\users\Ken\AppData\Roaming\Azureus
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\programdata\ParetoLogic
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\program files\ParetoLogic
2010-05-23 11:58 . 2009-02-01 13:32 -------- d-----w- c:\program files\McAfee
2010-05-22 11:16 . 2009-08-05 10:51 -------- d-----w- c:\users\Ken\AppData\Roaming\LimeWire
2010-05-22 09:45 . 2008-10-17 01:03 -------- d-----w- c:\program files\Java
2010-05-21 04:03 . 2008-09-17 04:33 -------- d-----w- c:\programdata\LogiShrd
2010-05-21 04:03 . 2008-09-17 04:30 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-21 04:03 . 2008-08-07 23:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 04:21 . 2008-10-13 00:37 -------- d-----w- c:\programdata\DVD Shrink
2010-05-11 15:04 . 2010-05-11 15:04 4141117 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-05-11 15:04 . 2010-05-11 15:04 7282688 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-05-11 14:53 . 2009-08-06 09:28 -------- d-----w- c:\users\Ken\AppData\Roaming\Ahead
2010-05-10 07:00 . 2010-05-10 07:00 6123008 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
2010-05-09 10:46 . 2010-05-09 10:45 -------- d-----w- c:\program files\Vuze
2010-05-09 10:45 . 2010-05-09 10:45 101376 ----a-w- c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-05-09 10:45 . 2010-05-09 10:45 52224 ----a-w- c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-05-09 10:42 . 2010-05-09 10:42 -------- d-----w- c:\program files\Conduit
2010-05-09 10:42 . 2010-05-09 10:42 -------- d-----w- c:\program files\Vuze_Remote
2010-05-06 22:39 . 2009-02-01 13:32 -------- d-----w- c:\program files\McAfee.com
2010-05-06 04:16 . 2009-02-01 13:11 -------- d-----w- c:\programdata\McAfee
2010-05-06 04:15 . 2009-02-01 13:32 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-04 05:59 . 2010-06-11 00:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 00:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 00:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 00:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 07:45 . 2010-01-30 12:57 -------- d-----w- c:\users\Ken\AppData\Roaming\HpUpdate
2010-04-29 01:54 . 2010-04-29 01:52 -------- d-----w- c:\program files\iTunes
2010-04-29 01:52 . 2010-04-29 01:52 -------- d-----w- c:\program files\iPod
2010-04-29 01:52 . 2009-05-25 13:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 01:46 . 2010-04-29 01:46 -------- d-----w- c:\program files\Bonjour
2010-04-29 01:40 . 2010-04-29 01:40 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-27 07:16 . 2010-05-06 01:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 07:16 . 2010-05-06 01:20 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 07:16 . 2010-05-06 01:20 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 07:16 . 2010-05-06 01:20 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-04-27 07:16 . 2010-05-06 01:20 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 07:16 . 2010-05-06 01:20 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 07:16 . 2010-05-06 01:20 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 07:16 . 2010-05-06 01:20 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 07:16 . 2010-05-06 01:20 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-04-27 07:16 . 2010-05-06 01:20 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-26 14:40 . 2010-03-15 05:57 -------- d-----w- c:\program files\WePrint
2010-04-21 05:06 . 2009-10-09 12:11 -------- d-----w- c:\users\Ken\AppData\Roaming\eBookPro6
2010-04-08 03:20 . 2010-04-08 03:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20 . 2010-04-08 03:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-02 14:33 . 2010-04-02 14:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-03-19 13:14 . 2010-03-19 13:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-27 07:16 . 2010-05-06 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000DB19-BF6D-413C-BDEE-37D6594E583c}]
2010-06-14 04:08 321024 ----a-w- c:\programdata\dimsjob32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 02:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 634880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 145944]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-25 704512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-05-09 159744]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\users\kenr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2009-2-24 3656]

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-3-15 2212352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e3,6b,13,b2,f6,61,ca,01

R2 gupdate1c9bfbcf4cb92e4;Google Update Service (gupdate1c9bfbcf4cb92e4);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 CLHNService;CLHNService;c:\program files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [2007-07-25 77824]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-06-10 159744]
S2 NTIPPKernel;NTIPPKernel;c:\program files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys [2007-07-25 122624]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-04 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-01 225920]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-06-11 48472]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-11 43480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 00:30]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 00:30]

2010-06-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-06-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-05-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-06-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-05-05 00:13]

2010-06-14 c:\windows\Tasks\User_Feed_Synchronization-{94578D48-F5D2-4F57-899A-6D6D87535810}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.com.au/SnapfishActivia2.cab
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RTHDBPL - c:\users\Ken\AppData\Roaming\SystemProc\lsass.exe
MSConfigStartUp-Client Access Check Version - c:\program files\IBM\Client Access\cwbckver.exe
MSConfigStartUp-Client Access Express Welcome - c:\program files\IBM\Client Access\cwbwlwiz.exe
MSConfigStartUp-Client Access Help Update - c:\program files\IBM\Client Access\cwbinhlp.exe
MSConfigStartUp-Client Access Service - c:\program files\IBM\Client Access\CwbSvStr.Exe
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 15:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RTHDBPL = c:\users\Ken\AppData\Roaming\SystemProc\lsass.exe?? ????????????????????????????????#???????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(540)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-06-14 15:29:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 05:29

Pre-Run: 70,506,102,784 bytes free
Post-Run: 83,668,680,704 bytes free

- - End Of File - - DDDF328062F398321CC3FEE2C136AA7B

Re: generic downloader.x!dxz
Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    File::
    c:\programdata\NOS\Adobe_Downloads\arh.exe

    Folder::
    c:\programdata\1794963555

    Firefox::
    FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Site Admin / Security Administrator

ComboFix scan results
Hi Belahzur,

Please see log below.

Blueboy76

ComboFix 10-06-14.02 - Ken 15/06/2010 12:25:28.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3018.1623 [GMT 10:00]
Running from: c:\users\Ken\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Ken\Documents\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\programdata\NOS\Adobe_Downloads\arh.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\1794963555
c:\programdata\1794963555\new.i1
c:\programdata\NOS\Adobe_Downloads\arh.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 02:53 . 2010-06-15 02:53 -------- d-----w- c:\users\Ken\AppData\Local\temp
2010-06-15 02:53 . 2010-06-15 02:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-15 02:53 . 2010-06-15 02:53 -------- d-----w- c:\users\kenr\AppData\Local\temp
2010-06-15 02:53 . 2010-06-15 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-14 04:39 . 2010-06-15 02:15 -------- d-----w- C:\ComboFix
2010-06-14 04:08 . 2010-06-14 04:08 321024 ----a-w- c:\programdata\dimsjob32.dll
2010-06-11 13:10 . 2010-06-11 13:10 -------- d-----w- C:\_OTL
2010-06-11 13:01 . 2010-06-11 13:01 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-11 00:54 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 00:51 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 00:51 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 00:50 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 13:45 . 2010-06-10 14:21 -------- d-----w- c:\windows\system32\wbem\Logs
2010-06-10 12:33 . 2010-06-10 12:33 321024 ----a-w- c:\programdata\d3d932.dll
2010-06-08 03:50 . 2010-06-08 03:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 03:47 . 2010-02-01 01:45 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-08 03:47 . 2010-06-08 03:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-08 03:44 . 2010-06-08 14:57 -------- d-----w- c:\programdata\NOS
2010-06-06 07:38 . 2010-06-06 07:38 309248 ----a-w- c:\programdata\encapi32.dll
2010-06-02 13:42 . 2010-06-02 13:42 309248 ----a-w- c:\programdata\eappcfg32.dll
2010-06-02 12:41 . 2010-06-02 12:41 311808 ----a-w- c:\programdata\fdSSDP32.dll
2010-05-31 13:35 . 2010-05-31 13:35 311808 ----a-w- c:\programdata\d3dx9_2832.dll
2010-05-31 12:53 . 2010-05-31 12:53 311808 ----a-w- c:\programdata\dot3gpclnt32.dll
2010-05-31 11:53 . 2010-05-31 11:53 311808 ----a-w- c:\programdata\dnsrslvr32.dll
2010-05-31 10:53 . 2010-05-31 10:53 311808 ----a-w- c:\programdata\dot3api32.dll
2010-05-31 09:53 . 2010-05-31 09:53 311808 ----a-w- c:\programdata\dinput832.dll
2010-05-31 06:53 . 2010-05-31 06:53 311808 ----a-w- c:\programdata\ds16gt32.dll
2010-05-31 05:52 . 2010-05-31 05:52 311808 ----a-w- c:\programdata\glu3232.dll
2010-05-31 04:52 . 2010-05-31 04:52 311808 ----a-w- c:\programdata\FXSCOMPOSERES32.dll
2010-05-31 04:48 . 2010-05-31 05:24 -------- d-----w- c:\users\Ken\AppData\Local\Microsoft Games
2010-05-31 03:52 . 2010-05-31 03:52 311808 ----a-w- c:\programdata\findnetprinters32.dll
2010-05-31 03:31 . 2010-05-31 03:31 -------- d-----w- c:\program files\Microsoft Games
2010-05-31 02:52 . 2010-05-31 02:52 311808 ----a-w- c:\programdata\fdWCN32.dll
2010-05-30 06:20 . 2010-05-30 06:20 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb193D.tmp.exe
2010-05-29 10:25 . 2010-05-29 10:51 -------- d-----w- C:\TOY_STORY
2010-05-29 10:04 . 2010-06-11 17:15 -------- d-----w- c:\windows\Debug
2010-05-26 06:10 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 07:18 . 2010-05-12 01:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-25 04:47 . 2010-05-28 11:34 680 ----a-w- c:\users\Ken\AppData\Local\d3d9caps.dat
2010-05-22 11:18 . 2010-05-22 11:18 301056 ----a-w- c:\windows\system32\dmintf32.dll
2010-05-22 09:45 . 2010-04-12 07:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 03:17 . 2010-05-21 03:17 -------- d-----w- c:\programdata\McAfee Security Scan
2010-05-21 03:17 . 2010-05-24 04:42 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-18 06:09 . 2010-05-18 06:40 -------- d-----w- C:\RainMan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 16:16 . 2009-08-01 08:54 -------- d-----w- c:\users\Ken\AppData\Roaming\Skype
2010-06-14 16:00 . 2010-03-30 02:56 -------- d-----w- c:\programdata\DriverCure
2010-06-14 14:06 . 2009-08-01 09:07 -------- d-----w- c:\users\Ken\AppData\Roaming\skypePM
2010-06-14 08:26 . 2008-09-29 03:00 -------- d-----w- c:\program files\Yahoo!
2010-06-11 17:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 17:30 . 2008-08-07 23:56 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 13:07 . 2009-06-05 14:30 -------- d-----w- c:\program files\Safari
2010-05-29 10:01 . 2010-05-09 10:48 -------- d-----w- c:\users\Ken\AppData\Roaming\Azureus
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\programdata\ParetoLogic
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-29 09:17 . 2010-03-30 02:56 -------- d-----w- c:\program files\ParetoLogic
2010-05-23 11:58 . 2009-02-01 13:32 -------- d-----w- c:\program files\McAfee
2010-05-22 11:16 . 2009-08-05 10:51 -------- d-----w- c:\users\Ken\AppData\Roaming\LimeWire
2010-05-22 09:45 . 2008-10-17 01:03 -------- d-----w- c:\program files\Java
2010-05-21 04:03 . 2008-09-17 04:33 -------- d-----w- c:\programdata\LogiShrd
2010-05-21 04:03 . 2008-09-17 04:30 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-21 04:03 . 2008-08-07 23:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 04:21 . 2008-10-13 00:37 -------- d-----w- c:\programdata\DVD Shrink
2010-05-11 15:04 . 2010-05-11 15:04 4141117 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-05-11 15:04 . 2010-05-11 15:04 7282688 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-05-11 14:53 . 2009-08-06 09:28 -------- d-----w- c:\users\Ken\AppData\Roaming\Ahead
2010-05-10 07:00 . 2010-05-10 07:00 6123008 ----a-w- c:\users\Ken\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
2010-05-09 10:46 . 2010-05-09 10:45 -------- d-----w- c:\program files\Vuze
2010-05-09 10:45 . 2010-05-09 10:45 101376 ----a-w- c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-05-09 10:45 . 2010-05-09 10:45 52224 ----a-w- c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-05-09 10:42 . 2010-05-09 10:42 -------- d-----w- c:\program files\Conduit
2010-05-09 10:42 . 2010-05-09 10:42 -------- d-----w- c:\program files\Vuze_Remote
2010-05-06 22:39 . 2009-02-01 13:32 -------- d-----w- c:\program files\McAfee.com
2010-05-06 04:16 . 2009-02-01 13:11 -------- d-----w- c:\programdata\McAfee
2010-05-06 04:15 . 2009-02-01 13:32 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-04 05:59 . 2010-06-11 00:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 00:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 00:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 00:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 07:45 . 2010-01-30 12:57 -------- d-----w- c:\users\Ken\AppData\Roaming\HpUpdate
2010-04-29 01:54 . 2010-04-29 01:52 -------- d-----w- c:\program files\iTunes
2010-04-29 01:52 . 2010-04-29 01:52 -------- d-----w- c:\program files\iPod
2010-04-29 01:52 . 2009-05-25 13:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 01:46 . 2010-04-29 01:46 -------- d-----w- c:\program files\Bonjour
2010-04-29 01:40 . 2010-04-29 01:40 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-27 07:16 . 2010-05-06 01:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 07:16 . 2010-05-06 01:20 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 07:16 . 2010-05-06 01:20 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 07:16 . 2010-05-06 01:20 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-04-27 07:16 . 2010-05-06 01:20 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 07:16 . 2010-05-06 01:20 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 07:16 . 2010-05-06 01:20 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 07:16 . 2010-05-06 01:20 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 07:16 . 2010-05-06 01:20 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-04-27 07:16 . 2010-05-06 01:20 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-26 14:40 . 2010-03-15 05:57 -------- d-----w- c:\program files\WePrint
2010-04-21 05:06 . 2009-10-09 12:11 -------- d-----w- c:\users\Ken\AppData\Roaming\eBookPro6
2010-04-08 03:20 . 2010-04-08 03:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20 . 2010-04-08 03:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-02 14:33 . 2010-04-02 14:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-03-19 13:14 . 2010-03-19 13:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-27 07:16 . 2010-05-06 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000DB19-BF6D-413C-BDEE-37D6594E583c}]
2010-06-14 04:08 321024 ----a-w- c:\programdata\dimsjob32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 02:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 634880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 145944]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-25 704512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-05-09 159744]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\users\kenr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2009-2-24 3656]

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-3-15 2212352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e3,6b,13,b2,f6,61,ca,01

R2 gupdate1c9bfbcf4cb92e4;Google Update Service (gupdate1c9bfbcf4cb92e4);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-06-10 159744]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 CLHNService;CLHNService;c:\program files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [2007-07-25 77824]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 NTIPPKernel;NTIPPKernel;c:\program files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys [2007-07-25 122624]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-04 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-01 225920]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-06-11 48472]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-11 43480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 00:30]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 00:30]

2010-06-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-14 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-06-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-05-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-06-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-05-05 00:13]

2010-06-15 c:\windows\Tasks\User_Feed_Synchronization-{94578D48-F5D2-4F57-899A-6D6D87535810}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.com.au/SnapfishActivia2.cab
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\fvacugtt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 12:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-15 13:02:09
ComboFix-quarantined-files.txt 2010-06-15 03:02
ComboFix2.txt 2010-06-14 05:29

Pre-Run: 82,180,841,472 bytes free
Post-Run: 82,172,575,744 bytes free

- - End Of File - - 2D93EEB20F81F0A29E3C85F8E4C08162

Re: generic downloader.x!dxz
Hello.
Do you have attach.txt from OTL?

Site Admin / Security Administrator

OTL .txt log
Hi again,

I posted this OTL logfile last time, is it the correct one????

Blueboy76

Re: generic downloader.x!dxz
Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Site Admin / Security Administrator

Hijack This log
Hi again,

Please see log below. Are we nearly at a conclusion yet???


2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Color LaserJet 2600n
CyberLink YouCam
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Dynalink ADSL Router USB Driver
e-tax 2009
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
IE7Pro
IE7Pro
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 13.1.33.0
Intel(R) Network Connections 13.1.33.0
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 20
Java(TM) 6 Update 7
KhalInstallWrapper
LimeWire 5.5.8
McAfee Internet Security
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mortgage Watchdog
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyVirtualHome
Nero 7 Essentials
O2Micro Flash Memory Card Reader Driver (x86)
OCR Software by I.R.I.S. 12.0
OGA Notifier 2.0.0048.0
ParetoLogic DriverCure
ParetoLogic PC Health Advisor
PowerCinema
PrimoPDF
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Microsoft Office Word 2007 (KB982135)
Setup
Shop for HP Supplies
Skype™️ 4.2
SoftDMA
Spelling Dictionaries Support For Adobe Reader 8
Synaptics Pointing Device Driver
System Control Manager
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Outlook 2007 Junk Email Filter (kb983486)
Vuze
Vuze_Remote Toolbar
WD SmartWare
WePrint
Yahoo! Toolbar

Re: generic downloader.x!dxz
Hello.

I see that you are running Vuze and LimeWire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7
    LimeWire 5.5.8
    Vuze
    Vuze_Remote Toolbar



Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator


ESET scan log
This is what the scan showed. Hope this is correct. Am I missing something??



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Re: generic downloader.x!dxz
Hello.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator


Re: generic downloader.x!dxz
Hi,

Thanks for the support with this whole thing. I really appreciate it. Sorry for the slow reply, I had a busy weekend. I have done an anti-virus scan with McAfee and it now shows everything to be ok which is great.

However, the computer is still running slowly and it takes forever for some activities to start and function properly. Often I have program windows open with nothing in them and they take forever to disappear. It really slows things down. How can I improve the speed and running of the computer?? Is there anything you can suggest please???

Once I get this done I think everything will be ok.

Thanks again,

Blueboy

Re: generic downloader.x!dxz
Hello.

  • Re-open Hijack This.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator


HijackThis log file
Hi,

Below is the log file from HijackThis. It didn't seem to find anything as far as I could see. Is this correct??


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:37:44 PM, on 22/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100514114542.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www4.snapfish.com.au/SnapfishActivia2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Update Service (gupdate1c9bfbcf4cb92e4) (gupdate1c9bfbcf4cb92e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 13818 bytes
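A small parser for the HijackThis log format shown above, added here as an example (it is not part of the thread and not HijackThis's own code). The sample lines are copied from the log above; the function names and the keyword list are my own, and the checks mirror what the helper does by hand: whether entries for a program the user was told to remove (Vuze) are still present, whether one CLSID is hooked in several sections at once, which O4 autoruns HijackThis could not resolve, and which entries load code from a URL.

```python
"""Parse HijackThis (HJT) log entries and flag the items an analyst checks by hand."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines taken from the log posted above, plus
# the header lines HJT writes before the section entries.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every section entry has the shape "<letter><number> - <body>".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cab|lnk)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    section: str            # e.g. "O2" (BHO), "O4" (autorun), "O23" (service)
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # COM class id, lower-cased so one object matches across sections
    path: Optional[str]     # first local file path on the line, if any
    url: Optional[str]      # remote source (O16 DPF entries download an ActiveX control from here)


def parse_hjt(text: str) -> list:
    """Turn an HJT log into Entry objects; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        url = URL_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).lower() if clsid else None,
            path=path.group(0) if path else None,
            url=url.group(0) if url else None,
        ))
    return entries


def find_leftovers(entries, keywords):
    """Entries that still mention a program the user was told to uninstall (e.g. 'vuze')."""
    wanted = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e.body.lower() for k in wanted)]


def multi_hooked(entries):
    """CLSIDs registered in more than one section: one component acting as search hook, BHO and toolbar."""
    seen = {}
    for e in entries:
        if e.clsid:
            seen.setdefault(e.clsid, set()).add(e.section)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


def unresolved_targets(entries):
    """O4 autoruns whose target HJT could not resolve ('= ?'); these need a manual look."""
    return [e for e in entries if e.section == "O4" and e.body.rstrip().endswith("= ?")]


def remote_loads(entries):
    """Entries that pull code from a URL (O16 DPF ActiveX controls)."""
    return [e for e in entries if e.url]


def report(text, keywords):
    """Summary an analyst would scan before deciding which lines to fix."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "leftovers": [e.section + " - " + e.body for e in find_leftovers(entries, keywords)],
        "multi_hooked": multi_hooked(entries),
        "unresolved": [e.body for e in unresolved_targets(entries)],
        "remote_loads": [e.url for e in remote_loads(entries)],
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG, ["vuze", "limewire"]).items():
        print(f"{key}: {value}")
```

Run against the full log, the leftovers list is exactly the three Vuze lines the helper points at in the next reply.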

Re: generic downloader.x!dxz
Hello.
Your log still shows signs of Vuze, please remove it.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe


  • Press "Fix Checked"
  • Close Hijack This.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Reboot normally.

How is the machine now? any improvement?

............................................................................................

Site Admin / Security Administrator


Re: generic downloader.x!dxz
Hi Belahzur,

I have done everything you said and so far the computer is running much better. So thank you very very much for your help and patience. For future reference, how do I keep the computer running efficiently from here??

Thanks again,
Blueboy76

Re: generic downloader.x!dxz
Hello.
A lot of it is down to hard drive maintenance.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

............................................................................................

Site Admin / Security Administrator
