Malwarebytes does not load


Malwarebytes will not load. vbalgrid failed to load from vbalsgrid6.ocx. I ran Stinger, which took out two viruses, but I can't access the internet or boot from a CD. Help please!!

Here are my ComboFix and HijackThis logs.

ComboFix 09-03-02.03 - Mary Davenport 2009-03-04 14:16:02.3 - NTFSx86

Running from: F:\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\a9k.bin

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))

.

2009-03-03 23:18 . 2009-03-03 23:18 62 --a------ c:\windows\einit.ini

2009-03-03 13:44 . 2009-03-03 13:49 <DIR> d-------- c:\program files\RegCure

2009-03-03 11:12 . 2009-03-03 22:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-03 11:12 . 2009-03-03 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-03 11:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-03-03 11:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-03-03 11:04 . 2009-03-03 11:04 <DIR> d-------- c:\windows\ERUNT

2009-03-03 10:53 . 2009-03-03 15:17 <DIR> d-------- C:\SDFix

2009-03-01 15:00 . 2009-03-01 15:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6

2009-03-01 14:46 . 2003-01-02 07:35 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS

2009-03-01 14:46 . 2009-03-01 14:46 <DIR> d-------- c:\documents and settings\Administrator

2009-03-01 14:28 . 2009-02-22 18:49 8,784 --a------ c:\windows\SYSTEM32\DRIVERS\wATV03nt.sys

2009-02-28 08:35 . 2009-02-28 08:35 <DIR> d-------- c:\program files\New Folder

2009-02-22 18:49 . 2009-02-22 18:49 8,784 --a------ c:\windows\SYSTEM32\eeekp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-04 20:21 --------- d-----w c:\documents and settings\Mary Davenport\Application Data\AVG7

2009-03-04 07:18 --------- d-----w c:\program files\EarthLink 5.0

2009-03-03 19:46 --------- d-----w c:\program files\Plaxo

2009-02-25 10:25 --------- d-----w c:\program files\Noble Poker

2009-02-22 17:35 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7

2009-02-22 03:05 --------- d-----w c:\documents and settings\Mary Davenport\Application Data\ComcastToolbar

2007-09-16 06:35 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2007-09-16 06:35 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2007-09-16 06:35 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2007-09-16 06:35 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2007-09-16 06:35 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.

------- Sigcheck -------


.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_15.07.52.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-03 20:28:31 647,168 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2009-03-03 23:17:45 3,342,336 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

- 2009-03-03 20:28:31 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-03-03 23:17:45 20,480 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

- 2009-03-03 20:12:47 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT

+ 2009-03-04 19:51:33 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT

- 2009-03-03 20:12:47 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

+ 2009-03-04 19:51:33 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

- 2004-08-04 06:14:36 52,736 ----a-w c:\windows\SYSTEM32\DRIVERS\i8042prt.sys

+ 2004-08-04 07:14:36 52,736 ----a-w c:\windows\SYSTEM32\DRIVERS\i8042prt.sys

- 2004-08-04 07:56:42 21,504 ----a-w c:\windows\SYSTEM32\hidserv.dll

+ 2004-08-04 08:56:42 21,504 ----a-w c:\windows\SYSTEM32\hidserv.dll

+ 2004-08-04 06:14:36 52,736 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\i8042prt.sys

+ 2004-08-04 06:58:32 23,040 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\mouclass.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-11 196608]

"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]

"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]

"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]

"AVG7_EMC"="c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-20 406528]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-27 77824]

"mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen"="c:\program files\Nordstrom Silverscreen\bin-1\Nordstrom.exe" [2005-12-05 1748992]

"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 230976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]

"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eeekp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8551:TCP"= 8551:TCP:mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen

R1 eeekp;Asus Chipset Driver EEC-3;c:\windows\system32\eeekp.sys [2009-02-22 8784]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - audstub

*Deregistered* - Avg7Core

*Deregistered* - Avg7RsW

*Deregistered* - Avg7RsXP

*Deregistered* - AvgClean

*Deregistered* - AvgTdi

*Deregistered* - Beep

*Deregistered* - Cdfs

*Deregistered* - cdudf_xp

*Deregistered* - DSproct

*Deregistered* - dsunidrv

*Deregistered* - Fastfat

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - i2omgmt

*Deregistered* - iAimTV2

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - Kbdclass

*Deregistered* - KodakCCS

*Deregistered* - KSecDD

*Deregistered* - mmc_2K

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - omci

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PptpMiniport

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - sr

*Deregistered* - swenum

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - UdfReadr_xp

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - Wanarp

.

Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\McAfee.com Update Check (DDKC2821-Mary Davenport).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 08:28]

2009-02-23 c:\windows\Tasks\McAfee.com Update Check (DDKC2821-Mary Davenport).job

- c:\progra~1\McAfee.com\Agent [2007-04-04 09:59]

2009-03-03 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]

2009-03-03 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]

.

- - - - ORPHANS REMOVED - - - -

Notify-eeekp - eeekp.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/a

uInternet Settings,ProxyOverride = 127.0.0.1;localhost

Handler: mav-8551 - {3df34399-d2a5-46d6-adc3-acb047b4ffe4} - c:\program files\Nordstrom Silverscreen\bin-1\idsAX.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab

DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab

FF - ProfilePath - c:\documents and settings\Mary Davenport\Application Data\Mozilla\Firefox\Profiles\25xc7tzt.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 14:21:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\WinZip\WZQKPICK.EXE

.

**************************************************************************

.

Completion time: 2009-03-04 14:26:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-04 22:26:18

ComboFix2.txt 2009-03-04 08:00:35

ComboFix3.txt 2009-03-03 23:09:00

Pre-Run: 41,225,445,376 bytes free

Post-Run: 41,211,547,648 bytes free

406 --- E O F --- 2009-02-12 23:25:21

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:57:34, on 3/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Nordstrom Silverscreen\bin-1\Nordstrom.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\explorer.exe

F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen] C:\Program Files\Nordstrom Silverscreen\bin-1\Nordstrom.exe

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095961840921

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223

O18 - Protocol: mav-8551 - {3DF34399-D2A5-46D6-ADC3-ACB047B4FFE4} - C:\Program Files\Nordstrom Silverscreen\bin-1\idsAX.dll

O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Eastman Kodak Company - (no file)

O23 - Service: DHCP Client (Dhcp) - Eastman Kodak Company - (no file)

O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Eastman Kodak Company - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: HID Input Service (HidServ) - Unknown owner - (no file)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Workstation (lanmanworkstation) - Unknown owner - (no file)

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)

O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - (no file)

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Time (w32time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - (no file)

O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - (no file)

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - (no file)

--

End of file - 8930 bytes


Malwarebytes will not load. vbalgrid failed to load from vbalsgrid6.ocx. I ran stinger, which took out two viruses, but I can't access internet or boot from a CD. Help please!!

Here are my combofix and hijackthis logs

MalwareComboFix 09-03-02.03 - Mary Davenport 2009-03-04 14:16:02.3 - NTFSx86

Running from: F:\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\a9k.bin

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))

.

2009-03-03 23:18 . 2009-03-03 23:18 62 --a------ c:\windows\einit.ini

2009-03-03 13:44 . 2009-03-03 13:49 <DIR> d-------- c:\program files\RegCure

2009-03-03 11:12 . 2009-03-03 22:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-03 11:12 . 2009-03-03 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-03 11:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-03-03 11:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-03-03 11:04 . 2009-03-03 11:04 <DIR> d-------- c:\windows\ERUNT

2009-03-03 10:53 . 2009-03-03 15:17 <DIR> d-------- C:\SDFix

2009-03-01 15:00 . 2009-03-01 15:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6

2009-03-01 14:46 . 2003-01-02 07:35 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS

2009-03-01 14:46 . 2009-03-01 14:46 <DIR> d-------- c:\documents and settings\Administrator

2009-03-01 14:28 . 2009-02-22 18:49 8,784 --a------ c:\windows\SYSTEM32\DRIVERS\wATV03nt.sys

2009-02-28 08:35 . 2009-02-28 08:35 <DIR> d-------- c:\program files\New Folder

2009-02-22 18:49 . 2009-02-22 18:49 8,784 --a------ c:\windows\SYSTEM32\eeekp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-04 20:21 --------- d-----w c:\documents and settings\Mary Davenport\Application Data\AVG7

2009-03-04 07:18 --------- d-----w c:\program files\EarthLink 5.0

2009-03-03 19:46 --------- d-----w c:\program files\Plaxo

2009-02-25 10:25 --------- d-----w c:\program files\Noble Poker

2009-02-22 17:35 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7

2009-02-22 03:05 --------- d-----w c:\documents and settings\Mary Davenport\Application Data\ComcastToolbar

2007-09-16 06:35 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2007-09-16 06:35 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2007-09-16 06:35 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2007-09-16 06:35 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2007-09-16 06:35 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_15.07.52.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-03 20:28:31 647,168 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2009-03-03 23:17:45 3,342,336 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

- 2009-03-03 20:28:31 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-03-03 23:17:45 20,480 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

- 2009-03-03 20:12:47 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT

+ 2009-03-04 19:51:33 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT

- 2009-03-03 20:12:47 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

+ 2009-03-04 19:51:33 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

- 2004-08-04 06:14:36 52,736 ----a-w c:\windows\SYSTEM32\DRIVERS\i8042prt.sys

+ 2004-08-04 07:14:36 52,736 ----a-w c:\windows\SYSTEM32\DRIVERS\i8042prt.sys

- 2004-08-04 07:56:42 21,504 ----a-w c:\windows\SYSTEM32\hidserv.dll

+ 2004-08-04 08:56:42 21,504 ----a-w c:\windows\SYSTEM32\hidserv.dll

+ 2004-08-04 06:14:36 52,736 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\i8042prt.sys

+ 2004-08-04 06:58:32 23,040 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\mouclass.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-11 196608]

"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]

"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]

"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]

"AVG7_EMC"="c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-20 406528]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-27 77824]

"mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen"="c:\program files\Nordstrom Silverscreen\bin-1\Nordstrom.exe" [2005-12-05 1748992]

"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 230976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]

"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eeekp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8551:TCP"= 8551:TCP:mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen

R1 eeekp;Asus Chipset Driver EEC-3;c:\windows\system32\eeekp.sys [2009-02-22 8784]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - audstub

*Deregistered* - Avg7Core

*Deregistered* - Avg7RsW

*Deregistered* - Avg7RsXP

*Deregistered* - AvgClean

*Deregistered* - AvgTdi

*Deregistered* - Beep

*Deregistered* - Cdfs

*Deregistered* - cdudf_xp

*Deregistered* - DSproct

*Deregistered* - dsunidrv

*Deregistered* - Fastfat

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - i2omgmt

*Deregistered* - iAimTV2

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - Kbdclass

*Deregistered* - KodakCCS

*Deregistered* - KSecDD

*Deregistered* - mmc_2K

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - omci

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PptpMiniport

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - sr

*Deregistered* - swenum

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - UdfReadr_xp

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - Wanarp

.

Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\McAfee.com Update Check (DDKC2821-Mary Davenport).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 08:28]

2009-02-23 c:\windows\Tasks\McAfee.com Update Check (DDKC2821-Mary Davenport).job

- c:\progra~1\McAfee.com\Agent [2007-04-04 09:59]

2009-03-03 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]

2009-03-03 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]

.

- - - - ORPHANS REMOVED - - - -

Notify-eeekp - eeekp.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/a

uInternet Settings,ProxyOverride = 127.0.0.1;localhost

Handler: mav-8551 - {3df34399-d2a5-46d6-adc3-acb047b4ffe4} - c:\program files\Nordstrom Silverscreen\bin-1\idsAX.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab

DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab

FF - ProfilePath - c:\documents and settings\Mary Davenport\Application Data\Mozilla\Firefox\Profiles\25xc7tzt.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 14:21:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\WinZip\WZQKPICK.EXE

.

**************************************************************************

.

Completion time: 2009-03-04 14:26:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-04 22:26:18

ComboFix2.txt 2009-03-04 08:00:35

ComboFix3.txt 2009-03-03 23:09:00

Pre-Run: 41,225,445,376 bytes free

Post-Run: 41,211,547,648 bytes free

406 --- E O F --- 2009-02-12 23:25:21

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:57:34, on 3/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Nordstrom Silverscreen\bin-1\Nordstrom.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\explorer.exe

F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mavenapp://www.maven.net/services/projects/Nordstrom/SilverScreen] C:\Program Files\Nordstrom Silverscreen\bin-1\Nordstrom.exe

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1968611769-4129261136-427969404-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095961840921

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223

O18 - Protocol: mav-8551 - {3DF34399-D2A5-46D6-ADC3-ACB047B4FFE4} - C:\Program Files\Nordstrom Silverscreen\bin-1\idsAX.dll

O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Eastman Kodak Company - (no file)

O23 - Service: DHCP Client (Dhcp) - Eastman Kodak Company - (no file)

O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Eastman Kodak Company - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: HID Input Service (HidServ) - Unknown owner - (no file)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Workstation (lanmanworkstation) - Unknown owner - (no file)

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)

O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - (no file)

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Time (w32time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - (no file)

O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - (no file)

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - (no file)

--

End of file - 8930 bytes


  • Root Admin

Please see if MBAM will now install and scan.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
