nestamon
Members - Posts: 7 - Reputation: 0 Neutral
Sweet. Thank you so much for all your help. ++karma for you!
-
Seems to be OK. I haven't done much except use firefox to browse to this forum, but I'm not getting any redirects or anything so that's good. Any further advice?
-
OK it finished running and rebooted my PC. Here is the logfile from after the reboot:

ComboFix 10-07-10.01 - Nathan 07/11/2010 17:21:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -7:00]
Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nathan\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ130
-------\Legacy_GSPLITTM
-------\Legacy_XAGPCPQ
-------\Service_cpuz130
-------\Service_gsplittm
-------\Service_XAGPCPQ

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.
2010-07-09 17:50 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\program files\iPod
2010-07-09 17:42 . 2010-07-09 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-09 17:33 . 2010-07-09 17:33 -------- d-----w- c:\program files\Bonjour
2010-07-09 17:29 . 2010-07-09 17:29 -------- d-----w- c:\program files\Apple Software Update
2010-07-08 06:50 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 06:50 . 2010-07-08 06:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 06:50 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 06:43 . 2010-07-08 06:43 -------- d-----w- C:\spoolerlogs
2010-07-08 05:13 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\wtkxkospj
2010-07-08 04:03 . 2010-07-08 04:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-05 18:28 . 2010-07-05 18:28 -------- d-----w- c:\program files\drcode
2010-06-29 17:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 05:59 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\AdventureTools
2010-06-24 05:58 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Application Data\AdventureTools
2010-06-23 20:33 . 2010-06-23 20:33 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\Wizards_of_the_Coast
2010-06-23 18:35 . 2010-06-23 18:35 285 ----a-w- c:\windows\EReg072.dat
2010-06-23 18:35 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-06-23 18:35 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-06-23 18:35 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-06-23 18:35 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-06-23 18:35 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-06-23 18:34 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-06-23 18:34 . 2010-06-23 18:34 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-06-23 18:34 . 2010-06-23 18:34 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-06-23 18:33 . 2010-06-23 19:25 -------- d-----w- C:\Sshock2
2010-06-23 17:05 . 2010-06-23 17:05 -------- d-----w- c:\documents and settings\Nathan\Application Data\YoudaGames
2010-06-15 15:20 . 2010-07-12 01:04 -------- d-----w- c:\program files\PeerGuardian2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 01:02 . 2010-04-03 21:32 -------- d-----w- c:\documents and settings\Nathan\Application Data\stickies
2010-07-10 17:53 . 2002-08-29 07:27 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-07-09 17:50 . 2003-12-22 11:37 -------- d-----w- c:\program files\Common Files\Java
2010-07-09 17:49 . 2003-12-22 11:37 -------- d-----w- c:\program files\Java
2010-07-09 17:43 . 2009-04-29 02:51 -------- d-----w- c:\program files\iTunes
2010-07-09 17:42 . 2008-12-25 15:00 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 17:38 . 2008-02-19 14:19 -------- d-----w- c:\program files\QuickTime
2010-07-08 16:03 . 2006-05-21 22:01 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 07:08 . 2006-07-10 03:46 -------- d-----w- c:\program files\RegScrubXP
2010-07-07 04:50 . 2005-01-28 02:43 -------- d-----w- c:\documents and settings\Nathan\Application Data\Azureus
2010-06-28 20:57 . 2010-05-29 17:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-29 17:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-29 17:49 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-29 17:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-29 17:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-29 17:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-29 17:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-29 17:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 06:03 . 2008-09-07 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-06-08 17:08 . 2010-06-08 16:58 -------- d-----w- c:\program files\Doom 3
2010-06-08 16:54 . 2010-06-06 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-06-08 16:52 . 2008-08-28 14:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-08 16:14 . 2010-06-08 16:14 -------- d-----w- c:\program files\Play+Smile
2010-06-06 21:04 . 2010-06-06 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2010-06-06 21:03 . 2010-06-06 21:03 -------- d-----w- c:\documents and settings\Nathan\Application Data\GameHouse
2010-06-06 21:02 . 2010-06-06 21:02 -------- d-----w- c:\program files\GameHouse
2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-06-06 19:40 . 2010-06-06 19:36 -------- d-----w- c:\program files\Common Files\Intuit
2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\Intuit
2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-06-06 19:15 . 2009-08-30 09:28 -------- d-----w- c:\program files\Vuze
2010-06-06 16:49 . 2010-06-06 16:49 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-06 16:49 . 2003-12-22 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 07:59 . 2010-04-01 18:51 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\program files\Alwil Software
2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="c:\progra~1\UTILIT~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]
"Google Update"="c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-07 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-4-3 1101824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 12:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-07 00:49 133104 ----atw- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-07-30 14:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 18:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 19:44 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-18 19:44 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandIcon]
2000-11-13 19:36 131072 ----a-w- c:\program files\Utilities\ImageMate CompactFlash USB\SandIcon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Utilities\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"c:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=
"c:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"g:\\Games\\Steam\\Steam.exe"=
"g:\\Games\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\children of the nile\\CoTN.exe"=
"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"g:\\Games\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold unfinished business\\JA2UB.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold\\ja2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\children of the nile alexandria\\CoTN.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2010 10:49 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/29/2010 10:49 AM 17744]
R2 MSSQL$CSS;MSSQL$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS [?]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [?]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS [?]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [9/7/2008 6:52 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006Core.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006UA.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{DA458596-91FC-40AE-A68A-E1347B15CC0C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?ct=1056755011
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
Trusted Zone: fark.com\www
Trusted Zone: gametab.com\www
Trusted Zone: penny-arcade.com\www
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\g0rlcp2p.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:59,99,5b,9e,6b,c5,1d,12,78,f2,ca,16,4b,51,e8,b5,eb,4b,02,0b,12,de,f4,
   32,5a,db,86,92,30,92,2d,24,fc,2b,93,d7,8f,c4,ff,54,19,a1,50,8a,5b,25,71,1c,\
"??"=hex:b3,69,32,89,1c,89,02,cb,83,10,79,81,53,0d,7d,c8

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\License information*]
"datasecu"=hex:c3,96,c0,f6,ad,1d,0e,7c,63,1d,28,71,0e,1c,2c,98,3c,34,23,c6,a2,
   e7,7f,04,a3,3f,14,48,fe,e4,f3,4f,37,e3,83,ea,ac,34,44,db,e9,42,45,a9,c8,92,\
"rkeysecu"=hex:a1,8f,84,98,f6,bf,ab,41,de,99,a4,01,dd,25,a8,3f

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\
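The two ComboFix logs posted in this thread (the first run, and the run with CFScript.txt) are easiest to compare mechanically rather than by eye. The script below is an added example, not part of the original thread and not ComboFix's own code: it splits a ComboFix log into its parenthesised sections, pulls the autostart values out of "Reg Loading Points", and reports what each run deleted and whether any Run entries appeared or disappeared between runs. The sample logs are short excerpts constructed from the two logs posted above; the section-banner and entry formats are assumed from those logs, not taken from any ComboFix documentation.

```python
"""Split ComboFix logs into sections and diff two runs (added example, not ComboFix code)."""
import re
from collections import OrderedDict

# Section banners look like "(((((( Other Deletions ))))))". Both this and the
# "Name"="command" [date size] autostart format are assumed from the posted logs.
SECTION_RE = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[[^\]]*\])?$')


def parse_sections(text):
    """Return {section_title: [content lines]}; text before the first banner is 'header'."""
    sections = OrderedDict([("header", [])])
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_run_keys(lines):
    """Map each registry key in 'Reg Loading Points' to {value_name: command}."""
    keys = OrderedDict()
    current_key = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            keys.setdefault(current_key, OrderedDict())
            continue
        em = RUN_ENTRY_RE.match(line)
        if em and current_key is not None:
            keys[current_key][em.group("name")] = em.group("cmd")
    return keys


def diff_logs(before_text, after_text):
    """Compare two ComboFix runs: what each run deleted and which autostarts changed."""
    before, after = parse_sections(before_text), parse_sections(after_text)
    run_before = parse_run_keys(before.get("Reg Loading Points", []))
    run_after = parse_run_keys(after.get("Reg Loading Points", []))
    added, removed = [], []
    for key in sorted(set(run_before) | set(run_after)):
        b, a = run_before.get(key, {}), run_after.get(key, {})
        removed += [(key, n, b[n]) for n in sorted(set(b) - set(a))]
        added += [(key, n, a[n]) for n in sorted(set(a) - set(b))]
    return {
        "deleted_before": before.get("Other Deletions", []),
        "deleted_after": after.get("Other Deletions", []),
        # "-------\Name" under Drivers/Services is how the log marks a removed service
        "services_removed_after": [l for l in after.get("Drivers/Services", [])
                                   if l.startswith("-------\\")],
        "run_entries_added": added,
        "run_entries_removed": removed,
    }


# Constructed excerpts of the two logs posted above (first run, then the CFScript run).
FIRST_RUN = r"""
ComboFix 10-07-10.01 - Nathan 07/11/2010 9:09.1.2 - x86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\patch.exe
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"""

SECOND_RUN = r"""
ComboFix 10-07-10.01 - Nathan 07/11/2010 17:21:43.2.2 - x86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ130
-------\Service_cpuz130
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"""

if __name__ == "__main__":
    for name, value in diff_logs(FIRST_RUN, SECOND_RUN).items():
        print(name, value)
```

Run against the two excerpts this reports the three files the first run removed, an empty "Other Deletions" list for the second run, the two service entries the second run stripped, and no change in the HKCU Run values; point it at the full saved logs instead of the excerpts to check a whole run the same way.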
-
When I dragged the script file over to the ComboFix icon, it launched it but then popped up a message box that said there is a newer version of ComboFix available and asks if I would like to update. Should I update or just skip it?
-
OK Combofix ran and here is the logfile:

ComboFix 10-07-10.01 - Nathan 07/11/2010 9:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.343 [GMT -7:00]
Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nathan\System
c:\documents and settings\Nathan\System\win_qs8.jqx
C:\install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\patch.exe
c:\windows\system32\logs
c:\windows\system32\logs\{655A3CE7-2565-4860-8EBA-D4570C1EE398}.log
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\xpsp1hfm.log
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-09 17:50 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\program files\iPod
2010-07-09 17:42 . 2010-07-09 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-09 17:33 . 2010-07-09 17:33 -------- d-----w- c:\program files\Bonjour
2010-07-09 17:29 . 2010-07-09 17:29 -------- d-----w- c:\program files\Apple Software Update
2010-07-08 06:50 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 06:50 . 2010-07-08 06:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 06:50 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 06:43 . 2010-07-08 06:43 -------- d-----w- C:\spoolerlogs
2010-07-08 05:13 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\wtkxkospj
2010-07-08 04:03 . 2010-07-08 04:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-05 18:28 . 2010-07-05 18:28 -------- d-----w- c:\program files\drcode
2010-06-29 17:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 05:59 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\AdventureTools
2010-06-24 05:58 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Application Data\AdventureTools
2010-06-23 20:33 . 2010-06-23 20:33 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\Wizards_of_the_Coast
2010-06-23 18:35 . 2010-06-23 18:35 285 ----a-w- c:\windows\EReg072.dat
2010-06-23 18:35 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-06-23 18:35 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-06-23 18:35 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-06-23 18:35 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-06-23 18:35 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-06-23 18:34 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-06-23 18:34 . 2010-06-23 18:34 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-06-23 18:34 . 2010-06-23 18:34 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-06-23 18:33 . 2010-06-23 19:25 -------- d-----w- C:\Sshock2
2010-06-23 17:05 . 2010-06-23 17:05 -------- d-----w- c:\documents and settings\Nathan\Application Data\YoudaGames
2010-06-15 15:20 . 2010-07-11 16:30 -------- d-----w- c:\program files\PeerGuardian2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:28 . 2010-04-03 21:32 -------- d-----w- c:\documents and settings\Nathan\Application Data\stickies
2010-07-10 17:53 . 2002-08-29 07:27 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-07-09 17:50 . 2003-12-22 11:37 -------- d-----w- c:\program files\Common Files\Java
2010-07-09 17:49 . 2003-12-22 11:37 -------- d-----w- c:\program files\Java
2010-07-09 17:43 . 2009-04-29 02:51 -------- d-----w- c:\program files\iTunes
2010-07-09 17:42 . 2008-12-25 15:00 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 17:38 . 2008-02-19 14:19 -------- d-----w- c:\program files\QuickTime
2010-07-08 16:03 . 2006-05-21 22:01 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 07:08 . 2006-07-10 03:46 -------- d-----w- c:\program files\RegScrubXP
2010-07-07 04:50 . 2005-01-28 02:43 -------- d-----w- c:\documents and settings\Nathan\Application Data\Azureus
2010-06-28 20:57 . 2010-05-29 17:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-29 17:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-29 17:49 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-29 17:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-29 17:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-29 17:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-29 17:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-29 17:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 06:03 . 2008-09-07 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-06-08 17:08 . 2010-06-08 16:58 -------- d-----w- c:\program files\Doom 3
2010-06-08 16:54 . 2010-06-06 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-06-08 16:52 . 2008-08-28 14:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-08 16:14 . 2010-06-08 16:14 -------- d-----w- c:\program files\Play+Smile
2010-06-06 21:04 . 2010-06-06 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2010-06-06 21:03 . 2010-06-06 21:03 -------- d-----w- c:\documents and settings\Nathan\Application Data\GameHouse
2010-06-06 21:02 . 2010-06-06 21:02 -------- d-----w- c:\program files\GameHouse
2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-06-06 19:40 . 2010-06-06 19:36 -------- d-----w- c:\program files\Common Files\Intuit
2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\Intuit
2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-06-06 19:15 . 2009-08-30 09:28 -------- d-----w- c:\program files\Vuze
2010-06-06 16:49 . 2010-06-06 16:49 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-06 16:49 . 2003-12-22 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 07:59 . 2010-04-01 18:51 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\program files\Alwil Software
2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="c:\progra~1\UTILIT~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]
"Google Update"="c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-07 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-4-3 1101824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk backup=c:\windows\pss\Event Reminder.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=c:\windows\pss\Google Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and 
Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk backup=c:\windows\pss\Service Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk] path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] 2003-08-29 12:59 122880 ----a-w- c:\windows\BCMSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] 2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry] 2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-07 00:49 133104 ----atw- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\InCD] 2008-06-12 19:06 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-07-30 14:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-02-13 18:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-02-18 19:44 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-02-18 19:44 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandIcon] 2000-11-13 19:36 131072 ----a-w- c:\program files\Utilities\ImageMate CompactFlash USB\SandIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2008-06-12 19:06 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2006-04-13 01:25 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] 2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Utilities\\Azureus\\Azureus.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"= "c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"= "c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\WINDOWS\\SYSTEM32\\java.exe"= "c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"= "c:\\WINDOWS\\SYSTEM32\\javaw.exe"= "c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"= "c:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"= "c:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"= "c:\\Program Files\\Rosetta 
Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"= "g:\\Games\\Steam\\Steam.exe"= "g:\\Games\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"= "g:\\Games\\Steam\\steamapps\\common\\children of the nile\\CoTN.exe"= "g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"= "g:\\Games\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"= "g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold unfinished business\\JA2UB.exe"= "g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"= "g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"= "g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold\\ja2.exe"= "g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"= "g:\\Games\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"= "g:\\Games\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"= "g:\\Games\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"= "g:\\Games\\Steam\\steamapps\\common\\children of the nile alexandria\\CoTN.exe"= "g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"= "g:\\Games\\Steam\\steamapps\\common\\empire total war\\Empire.exe"= "c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "<NO NAME>"= R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2010 10:49 AM 165456] R2 
aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/29/2010 10:49 AM 17744] R2 MSSQL$CSS;MSSQL$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS [?] S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [?] S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?] S3 cpuz130;cpuz130;\??\c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 gsplittm;gsplittm;\??\c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys [?] S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS [?] S3 XAGPCPQ;XAGPCPQ;\??\c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS --> c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS [?] S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [9/7/2008 6:52 AM 717296] --- Other Services/Drivers In Memory --- *NewlyCreated* - PGFILTER [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . 
Contents of the 'Scheduled Tasks' folder 2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006Core.job - c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49] 2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006UA.job - c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49] 2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{DA458596-91FC-40AE-A68A-E1347B15CC0C}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?ct=1056755011 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html Trusted Zone: fark.com\www Trusted Zone: gametab.com\www Trusted Zone: penny-arcade.com\www Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab FF 
- ProfilePath - c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\g0rlcp2p.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1<mpl=default<mplcache=2 FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - Notify-AtiExtEvent - (no file) SafeBoot-klmdb.sys MSConfigStartUp-E6TaskPanel - c:\program files\EarthLink TotalAccess\TaskPanl.exe MSConfigStartUp-ELNKProxy - c:\windows\surfmonkey\smproxy.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe MSConfigStartUp-Steam - c:\program files\steam\steam.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe AddRemove-IGN Download Manager - c:\program files\IGN\Download Manager\uninst.exe AddRemove-InterActual Player - c:\program files\InterActual\InterActual Player\inuninst.exe AddRemove-Network Addon Mod - c:\documents and settings\Nathan\My Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe AddRemove-The Forge - c:\windows\unvise32.exe AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe AddRemove-Stainless_Steel_6.0_Part1of2 - c:\program files\Games\Valve\Steam\SteamApps\common\medieval ii total war\Uninstal.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-11 09:28 Windows 
5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:59,99,5b,9e,6b,c5,1d,12,78,f2,ca,16,4b,51,e8,b5,eb,4b,02,0b,12,de,f4, 32,5a,db,86,92,30,92,2d,24,fc,2b,93,d7,8f,c4,ff,54,19,a1,50,8a,5b,25,71,1c,\ "??"=hex:b3,69,32,89,1c,89,02,cb,83,10,79,81,53,0d,7d,c8 [HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\License information*] "datasecu"=hex:c3,96,c0,f6,ad,1d,0e,7c,63,1d,28,71,0e,1c,2c,98,3c,34,23,c6,a2, e7,7f,04,a3,3f,14,48,fe,e4,f3,4f,37,e3,83,ea,ac,34,44,db,e9,42,45,a9,c8,92,\ "rkeysecu"=hex:a1,8f,84,98,f6,bf,ab,41,de,99,a4,01,dd,25,a8,3f [HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\
-
Kenny94, thanks for the response. I ran TDSSKiller and it found one thing, then prompted me to reboot. Here is the log file:
10:48:43:604 21204 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
10:49:03:604 21204 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 8d908e5cb2eb62be70b2df151b2af9f8, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
10:49:03:604 21204 File "C:\WINDOWS\system32\DRIVERS\mouclass.sys" infected by TDSS rootkit ...
10:49:08:525 21204 Backup copy found, using it..
10:49:08:572 21204 will be cured on next reboot 10:49:08:729 21204 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:49:08:869 21204 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:49:08:994 21204 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys 10:49:09:119 21204 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:49:09:275 21204 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:49:09:479 21204 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:49:09:635 21204 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:49:09:760 21204 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:49:09:885 21204 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:49:10:010 21204 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:49:10:166 21204 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 10:49:10:275 21204 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 10:49:10:432 21204 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 10:49:10:557 21204 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:49:10:713 21204 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 10:49:10:822 21204 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:49:10:947 21204 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:49:11:088 21204 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:49:11:213 21204 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 10:49:11:354 21204 NetBIOS 
(5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:49:11:494 21204 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:49:11:635 21204 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:49:11:775 21204 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:49:11:916 21204 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:49:12:307 21204 nv (0ae3a22dbe88dc219f8c0fdd30239e4f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:49:12:666 21204 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:49:12:822 21204 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:49:12:963 21204 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys 10:49:13:104 21204 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys 10:49:13:244 21204 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 10:49:13:369 21204 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:49:13:479 21204 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 10:49:13:760 21204 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 10:49:14:400 21204 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:49:14:979 21204 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:49:15:463 21204 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys 10:49:15:588 21204 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys 10:49:15:760 21204 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys 10:49:15:979 21204 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:49:16:135 21204 Processor 
(a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 10:49:16:275 21204 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:49:16:369 21204 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:49:16:510 21204 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 10:49:16:650 21204 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys 10:49:16:760 21204 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys 10:49:16:869 21204 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys 10:49:16:994 21204 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys 10:49:17:104 21204 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys 10:49:17:197 21204 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:49:17:322 21204 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:49:17:463 21204 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:49:17:619 21204 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:49:17:744 21204 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:49:17:916 21204 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:49:18:057 21204 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:49:18:229 21204 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 10:49:18:385 21204 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:49:18:557 21204 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:49:18:697 21204 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 
10:49:18:838 21204 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 10:49:18:963 21204 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:49:19:213 21204 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys 10:49:19:369 21204 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 10:49:19:494 21204 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys 10:49:19:650 21204 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys 10:49:19:760 21204 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:49:19:932 21204 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys 10:49:20:104 21204 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 10:49:20:260 21204 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 10:49:20:479 21204 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys 10:49:20:635 21204 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys 10:49:20:807 21204 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 10:49:20:932 21204 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:49:21:072 21204 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:49:21:213 21204 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys 10:49:21:338 21204 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys 10:49:21:447 21204 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys 10:49:21:557 21204 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys 10:49:21:666 21204 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 
10:49:21:807 21204 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:49:22:010 21204 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:49:22:150 21204 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:49:22:260 21204 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:49:22:447 21204 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys 10:49:22:650 21204 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys 10:49:22:854 21204 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys 10:49:23:041 21204 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys 10:49:23:307 21204 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys 10:49:23:588 21204 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys 10:49:23:854 21204 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys 10:49:24:057 21204 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys 10:49:24:275 21204 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys 10:49:24:432 21204 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys 10:49:24:557 21204 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:49:24:697 21204 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys 10:49:24:822 21204 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:49:25:025 21204 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 10:49:25:229 21204 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:49:25:338 21204 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 
10:49:25:510 21204 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:49:25:666 21204 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:49:25:791 21204 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:49:25:932 21204 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:49:26:025 21204 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:49:26:135 21204 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:49:26:291 21204 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys 10:49:26:432 21204 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys 10:49:26:541 21204 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 10:49:26:666 21204 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:49:26:916 21204 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:49:27:072 21204 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 10:49:27:213 21204 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:49:27:354 21204 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:49:27:494 21204 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 10:49:27:650 21204 Reboot required for cure complete.. 10:49:28:275 21204 Cure on reboot scheduled successfully 10:49:28:275 21204 10:49:28:275 21204 Completed 10:49:28:275 21204 10:49:28:275 21204 Results: 10:49:28:275 21204 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 10:49:28:275 21204 File objects infected / cured / cured on reboot: 1 / 0 / 1 10:49:28:275 21204 10:49:28:291 21204 KLMD(ARK) unloaded successfully Awaiting further instructions!
-
Hello, I was wondering if anyone might be able to help me out. A couple of days ago I received a popup on my PC. I googled the text and most websites pointed to the System Security malware. I couldn't run any executables and it wouldn't bring up Task Manager. I downloaded Malwarebytes, booted to Safe Mode and installed it. It came up with several pieces of malware and quarantined them. I rebooted and turned off System Restore, rebooted and turned it back on. I ran a quick scan and the PC came up clean. Bringing up my browser, however, I was still getting redirects. I made sure Malwarebytes was the latest version and ran a full scan. It came up clean. So I found this forum and followed the instructions until I got to the GMER Rootkit Scanner. I've run it twice now and it locks up my system each time. The second time I gave it three hours but it was still not responding. Any suggestions? Here are the logs for Malwarebytes and DDS. I am attaching the DDS file as instructed in case that helps. Any help would be greatly appreciated!

1st Malwarebytes log I ran:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4292

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/8/2010 11:39:46 AM
mbam-log-2010-07-08 (11-39-46).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 419101
Time elapsed: 2 hour(s), 17 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxmjhfsx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxmjhfsx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fneyuyosegef (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7de3d4c1-982b-4075-bdb3-eceea5983fd6}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\wtkxkospj\trstststssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Ak1.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\wpsascp.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathan\Application Data\6f0b73ca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP300\A0028265.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQ7wSKU9.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\A5.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Ak0.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\FCHwgHtVag.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\SXbWsJckwF.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP58882.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.08264615429619782.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathan\Local Settings\Temp\setupv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

The one I ran last, where it says everything is clean:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 5:14:47 AM
mbam-log-2010-07-09 (05-14-47).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 407030
Time elapsed: 5 hour(s), 27 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The DDS Logfile:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Nathan at 9:04:57.60 on Fri 07/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.365 [GMT -7:00]
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-29 165456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-29 17744] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384] R2 MSSQL$CSS;MSSQL$CSS;c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlservr.exe -scss --> c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlservr.exe -sCSS [?] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384] S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.231\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.231\ati tray tools\atitray.sys [?] S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?] S3 cpuz130;cpuz130;\??\c:\docume~1\nathan\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\nathan\locals~1\temp\cpuz130\cpuz_x32.sys [?] S3 gsplittm;gsplittm;\??\c:\docume~1\nathan\locals~1\temp\gsplittm.sys --> c:\docume~1\nathan\locals~1\temp\gsplittm.sys [?] S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlagent.exe -i css --> c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlagent.EXE -i CSS [?] 
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-7 1087680] S3 XAGPCPQ;XAGPCPQ;\??\c:\docume~1\nathan\locals~1\temp\xagpcpq.sys --> c:\docume~1\nathan\locals~1\temp\XAGPCPQ.SYS [?] =============== Created Last 30 ================ 2010-07-09 15:56:57 176 ----a-w- c:\documents and settings\nathan\defogger_reenable 2010-07-08 06:50:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 06:50:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-08 06:50:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 06:43:31 0 d-----w- C:\spoolerlogs 2010-07-05 18:32:08 1135 ----a-w- c:\windows\YAHTZEE.INI 2010-07-05 18:28:33 0 d-----w- c:\program files\drcode 2010-06-29 17:56:10 38848 ----a-w- c:\windows\avastSS.scr 2010-06-24 05:58:48 0 d-----w- c:\docume~1\nathan\applic~1\AdventureTools 2010-06-23 18:35:52 285 ----a-w- c:\windows\EReg072.dat 2010-06-23 18:35:33 38160 ----a-w- c:\windows\system32\LMRTREND.dll 2010-06-23 18:35:32 140800 ----a-w- c:\windows\system32\tm20dec.ax 2010-06-23 18:35:31 182032 ----a-w- c:\windows\system32\dxtmsft3.dll 2010-06-23 18:35:07 63488 ----a-w- c:\windows\system32\unam4ie.exe 2010-06-23 18:35:00 5672 ----a-w- c:\windows\system32\quartz.vxd 2010-06-23 18:35:00 11776 ----a-w- c:\windows\system32\mciqtz.drv 2010-06-23 18:35:00 10240 ----a-w- c:\windows\system32\vidx16.dll 2010-06-23 18:34:59 194320 ----a-w- c:\windows\system32\qcut.dll 2010-06-23 18:34:57 4608 ----a-w- c:\windows\system32\w95inf32.dll 2010-06-23 18:34:57 2272 ----a-w- c:\windows\system32\w95inf16.dll 2010-06-23 18:33:28 0 d-----w- C:\Sshock2 2010-06-23 17:05:39 0 d-----w- c:\docume~1\nathan\applic~1\YoudaGames 2010-06-15 15:20:32 0 d-----w- c:\program files\PeerGuardian2 2010-06-14 16:51:44 33 ----a-w- c:\windows\lg.ini 2010-06-10 18:54:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll ==================== Find3M ==================== 2010-07-08 16:03:49 1984 
----a-w- c:\windows\system32\d3d9caps.dat 2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll 2009-10-15 13:32:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2008-09-06 02:33:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 9:10:05.87 =============== Attach.txt