
Hello,

I was wondering if anyone might be able to help me out. A couple of days ago I received a popup on my PC. I googled the text and most websites pointed to the System Security malware. I couldn't run any executables and it wouldn't bring up task manager. I downloaded Malwarebytes and booted to safe mode and installed it. It came up with several pieces of malware and quarantined them.

I rebooted and turned off system restore, rebooted and turned it back on. I ran a quick scan and the PC came up clean. Bringing up my browser, however, I was still getting redirects. I made sure Malwarebytes was the latest version and ran a full scan. It came up clean.

So I found this forum and followed the instructions until I got to the GMER Rootkit Scanner. I've run it twice now and it locks up my system each time. The second time I gave it three hours but it was still not responding.

Any suggestions? Here are the logs for Malwarebytes and DDS. I am attaching the DDS file as instructed in case that helps.

Any help would be greatly appreciated!

1st Malwarebytes log I ran:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4292

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

7/8/2010 11:39:46 AM

mbam-log-2010-07-08 (11-39-46).txt

Scan type: Full scan (C:\|G:\|)

Objects scanned: 419101

Time elapsed: 2 hour(s), 17 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxmjhfsx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxmjhfsx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FraudPack) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fneyuyosegef (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7de3d4c1-982b-4075-bdb3-eceea5983fd6}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\NetworkService\Local Settings\Application Data\wtkxkospj\trstststssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\Ak1.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

C:\WINDOWS\wpsascp.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nathan\Application Data\6f0b73ca.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP300\A0028265.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQ7wSKU9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\A5.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\Ak0.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\FCHwgHtVag.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\SXbWsJckwF.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TMP58882.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\0.08264615429619782.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nathan\Local Settings\Temp\setupv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

The one I ran last, where it says everything is clean:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/9/2010 5:14:47 AM

mbam-log-2010-07-09 (05-14-47).txt

Scan type: Full scan (C:\|G:\|)

Objects scanned: 407030

Time elapsed: 5 hour(s), 27 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The DDS Logfile:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Nathan at 9:04:57.60 on Fri 07/09/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.365 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\oodtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\PROGRA~1\UTILIT~1\Cacheman\Cacheman.exe

C:\WINDOWS\system32\ctfmon.exe

G:\games\steam\steam.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\stickies\stickies.exe

C:\Documents and Settings\Nathan\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

G:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?ct=1056755011

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Cacheman] c:\progra~1\utilit~1\cacheman\Cacheman.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [steam] "g:\games\steam\steam.exe" -silent

uRun: [Google Update] "c:\documents and settings\nathan\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

mRun: [OODefragTray] c:\windows\system32\oodtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

StartupFolder: c:\docume~1\nathan\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: fark.com\www

Trusted Zone: gametab.com\www

Trusted Zone: penny-arcade.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219345283765

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/openapi/receivers/FMSI.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/beje2/popcaploader.cab

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nathan\applic~1\mozilla\firefox\profiles\g0rlcp2p.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - plugin: c:\documents and settings\nathan\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\nathan\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google updater\1.4.697.28342\npCIDetect7.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-29 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-29 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]

R2 MSSQL$CSS;MSSQL$CSS;c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlservr.exe -scss --> c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlservr.exe -sCSS [?]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]

S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.231\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.231\ati tray tools\atitray.sys [?]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\nathan\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\nathan\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 gsplittm;gsplittm;\??\c:\docume~1\nathan\locals~1\temp\gsplittm.sys --> c:\docume~1\nathan\locals~1\temp\gsplittm.sys [?]

S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlagent.exe -i css --> c:\program files\microsoft sql server\mssql$css\binn\mssql$css\binn\sqlagent.EXE -i CSS [?]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-7 1087680]

S3 XAGPCPQ;XAGPCPQ;\??\c:\docume~1\nathan\locals~1\temp\xagpcpq.sys --> c:\docume~1\nathan\locals~1\temp\XAGPCPQ.SYS [?]

=============== Created Last 30 ================

2010-07-09 15:56:57 176 ----a-w- c:\documents and settings\nathan\defogger_reenable

2010-07-08 06:50:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 06:50:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 06:50:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 06:43:31 0 d-----w- C:\spoolerlogs

2010-07-05 18:32:08 1135 ----a-w- c:\windows\YAHTZEE.INI

2010-07-05 18:28:33 0 d-----w- c:\program files\drcode

2010-06-29 17:56:10 38848 ----a-w- c:\windows\avastSS.scr

2010-06-24 05:58:48 0 d-----w- c:\docume~1\nathan\applic~1\AdventureTools

2010-06-23 18:35:52 285 ----a-w- c:\windows\EReg072.dat

2010-06-23 18:35:33 38160 ----a-w- c:\windows\system32\LMRTREND.dll

2010-06-23 18:35:32 140800 ----a-w- c:\windows\system32\tm20dec.ax

2010-06-23 18:35:31 182032 ----a-w- c:\windows\system32\dxtmsft3.dll

2010-06-23 18:35:07 63488 ----a-w- c:\windows\system32\unam4ie.exe

2010-06-23 18:35:00 5672 ----a-w- c:\windows\system32\quartz.vxd

2010-06-23 18:35:00 11776 ----a-w- c:\windows\system32\mciqtz.drv

2010-06-23 18:35:00 10240 ----a-w- c:\windows\system32\vidx16.dll

2010-06-23 18:34:59 194320 ----a-w- c:\windows\system32\qcut.dll

2010-06-23 18:34:57 4608 ----a-w- c:\windows\system32\w95inf32.dll

2010-06-23 18:34:57 2272 ----a-w- c:\windows\system32\w95inf16.dll

2010-06-23 18:33:28 0 d-----w- C:\Sshock2

2010-06-23 17:05:39 0 d-----w- c:\docume~1\nathan\applic~1\YoudaGames

2010-06-15 15:20:32 0 d-----w- c:\program files\PeerGuardian2

2010-06-14 16:51:44 33 ----a-w- c:\windows\lg.ini

2010-06-10 18:54:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-07-08 16:03:49 1984 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2009-10-15 13:32:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-09-06 02:33:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 9:10:05.87 ===============

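As an added example (not code from the original post or from Malwarebytes), a Python parser for the MBAM 1.x log format posted above: it splits the report into the summary block and the per-section detections, cross-checks the counts, and pulls out what a second look in this thread turns on, the Run-key persistence entries, the Rootkit.* hits that a dedicated rootkit tool still has to confirm, and the resolver addresses the DNS changer wrote into the Tcpip NameServer values. The embedded log excerpt is constructed from lines of the first log above.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and triage what it removed."""
import re
from collections import Counter

# Constructed excerpt in the format of the first log posted above (a short
# subset of its entries, not the complete log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4292
Windows 5.1.2600 Service Pack 3 (Safe Mode)

Scan type: Full scan (C:\|G:\|)
Objects scanned: 419101
Time elapsed: 2 hour(s), 17 minute(s), 51 second(s)

Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxmjhfsx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fneyuyosegef (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "Files Infected: 18" lines form the summary block; a bare "Files Infected:"
# opens the section listing each item as: target (Family) -> [Data: v -> ] action
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+)$"
)


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'items': [detection dicts]}."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue  # header lines before the first section, or empty sections
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, "target": m["target"],
                          "family": m["family"], "data": m["data"],
                          "action": m["action"]})
    return {"summary": summary, "items": items}


def check_consistency(report):
    """Sections whose listed items differ from the summary count (empty = ok)."""
    seen = Counter(it["section"] for it in report["items"])
    return {name: (count, seen.get(name, 0))
            for name, count in report["summary"].items()
            if count != seen.get(name, 0)}


def family_counts(report):
    """Number of detections per malware family."""
    return Counter(it["family"] for it in report["items"])


def autorun_entries(report):
    """Run-key values: the persistence the user-mode components relied on."""
    return [it["target"] for it in report["items"]
            if "\\CurrentVersion\\Run\\" in it["target"]]


def dns_overrides(report):
    """Resolver addresses written into Tcpip NameServer values by the DNS changer."""
    addrs = set()
    for it in report["items"]:
        if it["target"].upper().endswith("\\NAMESERVER") and it["data"]:
            addrs.update(a.strip() for a in it["data"].split(","))
    return sorted(addrs)


def rootkit_families(report):
    """Rootkit.* detections: a sign that a dedicated rootkit scan is still due."""
    return sorted({it["family"] for it in report["items"]
                   if it["family"].startswith("Rootkit.")})
```

An empty dict from check_consistency means every section's items matched the summary counts; dns_overrides gives the addresses to compare the machine's DNS settings against after cleanup.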

Hi nestamon, and welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK. (If Vista, click on the Vista Orb, copy and paste the following into the Search field (make sure you include the quotation marks), then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Kenny94,

Thanks for the response. I ran TDSSKiller and it found one thing, then prompted me to reboot.

Here is the log file:

10:48:43:604 21204 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

10:48:43:604 21204 ================================================================================

10:48:43:604 21204 SystemInfo:

10:48:43:604 21204 OS Version: 5.1.2600 ServicePack: 3.0

10:48:43:604 21204 Product type: Workstation

10:48:43:604 21204 ComputerName: SHELB1

10:48:43:604 21204 UserName: Nathan

10:48:43:604 21204 Windows directory: C:\WINDOWS

10:48:43:604 21204 System windows directory: C:\WINDOWS

10:48:43:604 21204 Processor architecture: Intel x86

10:48:43:604 21204 Number of processors: 2

10:48:43:604 21204 Page size: 0x1000

10:48:43:604 21204 Boot type: Normal boot

10:48:43:604 21204 ================================================================================

10:48:44:104 21204 Initialize success

10:48:44:104 21204

10:48:44:104 21204 Scanning Services ...

10:48:44:822 21204 Raw services enum returned 407 services

10:48:44:838 21204

10:48:44:854 21204 Scanning Drivers ...


10:48:57:119 21204 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

10:48:57:244 21204 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:48:57:400 21204 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:48:57:557 21204 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

10:48:57:682 21204 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:48:57:822 21204 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

10:48:57:963 21204 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

10:48:58:104 21204 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

10:48:58:244 21204 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

10:48:58:354 21204 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

10:48:58:463 21204 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

10:48:58:619 21204 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

10:48:58:760 21204 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

10:48:58:947 21204 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

10:48:59:072 21204 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

10:48:59:182 21204 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:48:59:322 21204 InCDfs (21950d2e8e1df8433595d0e014507440) C:\WINDOWS\system32\drivers\InCDFs.sys

10:48:59:479 21204 InCDPass (dbad148d468c0c5e494f1ddd18913974) C:\WINDOWS\system32\drivers\InCDPass.sys

10:48:59:619 21204 InCDrec (712672c10497f2a6fcecc697cad31f37) C:\WINDOWS\system32\drivers\InCDRec.sys

10:48:59:760 21204 incdrm (2cd48263e345cc8bfcbe599c4314f7f7) C:\WINDOWS\system32\drivers\InCDRm.sys

10:48:59:885 21204 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

10:49:00:025 21204 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

10:49:00:213 21204 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:49:00:385 21204 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:49:00:463 21204 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:49:00:604 21204 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:49:00:729 21204 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:49:00:900 21204 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:49:01:088 21204 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:49:01:213 21204 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:49:01:338 21204 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:49:01:494 21204 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys

10:49:01:604 21204 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:49:01:744 21204 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:49:01:916 21204 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

10:49:02:088 21204 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

10:49:02:229 21204 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

10:49:02:400 21204 LVRS (a198cd8a1c813d9ceba29a29d45fc94c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

10:49:02:541 21204 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\WINDOWS\system32\drivers\LVUSBSta.sys

10:49:02:869 21204 LVUVC (5c20c4be679842cbee729b0cff5928bd) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

10:49:03:213 21204 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:49:03:338 21204 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:49:03:479 21204 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

10:49:03:604 21204 Mouclass (8d908e5cb2eb62be70b2df151b2af9f8) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:49:03:604 21204 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 8d908e5cb2eb62be70b2df151b2af9f8, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04

10:49:03:604 21204 File "C:\WINDOWS\system32\DRIVERS\mouclass.sys" infected by TDSS rootkit ...

10:49:08:525 21204 Backup copy found, using it..

10:49:08:572 21204 will be cured on next reboot

10:49:27:650 21204 Reboot required for cure complete..

10:49:28:275 21204 Cure on reboot scheduled successfully

10:49:28:275 21204

10:49:28:275 21204 Completed

10:49:28:275 21204

10:49:28:275 21204 Results:

10:49:28:275 21204 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

10:49:28:275 21204 File objects infected / cured / cured on reboot: 1 / 0 / 1

10:49:28:275 21204

10:49:28:291 21204 KLMD(ARK) unloaded successfully

Awaiting further instructions!


That TDSS rootkit was causing redirects.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


OK, ComboFix ran and here is the logfile:

ComboFix 10-07-10.01 - Nathan 07/11/2010 9:09.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.343 [GMT -7:00]

Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Nathan\System

c:\documents and settings\Nathan\System\win_qs8.jqx

C:\install.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\patch.exe

c:\windows\system32\logs

c:\windows\system32\logs\{655A3CE7-2565-4860-8EBA-D4570C1EE398}.log

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\xpsp1hfm.log

G:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))

.

2010-07-09 17:50 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\program files\iPod

2010-07-09 17:42 . 2010-07-09 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-09 17:33 . 2010-07-09 17:33 -------- d-----w- c:\program files\Bonjour

2010-07-09 17:29 . 2010-07-09 17:29 -------- d-----w- c:\program files\Apple Software Update

2010-07-08 06:50 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 06:50 . 2010-07-08 06:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 06:50 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 06:43 . 2010-07-08 06:43 -------- d-----w- C:\spoolerlogs

2010-07-08 05:13 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\wtkxkospj

2010-07-08 04:03 . 2010-07-08 04:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-05 18:28 . 2010-07-05 18:28 -------- d-----w- c:\program files\drcode

2010-06-29 17:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-06-24 05:59 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\AdventureTools

2010-06-24 05:58 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Application Data\AdventureTools

2010-06-23 20:33 . 2010-06-23 20:33 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\Wizards_of_the_Coast

2010-06-23 18:35 . 2010-06-23 18:35 285 ----a-w- c:\windows\EReg072.dat

2010-06-23 18:35 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll

2010-06-23 18:35 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll

2010-06-23 18:35 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe

2010-06-23 18:35 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll

2010-06-23 18:35 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv

2010-06-23 18:34 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll

2010-06-23 18:34 . 2010-06-23 18:34 4608 ----a-w- c:\windows\system32\w95inf32.dll

2010-06-23 18:34 . 2010-06-23 18:34 2272 ----a-w- c:\windows\system32\w95inf16.dll

2010-06-23 18:33 . 2010-06-23 19:25 -------- d-----w- C:\Sshock2

2010-06-23 17:05 . 2010-06-23 17:05 -------- d-----w- c:\documents and settings\Nathan\Application Data\YoudaGames

2010-06-15 15:20 . 2010-07-11 16:30 -------- d-----w- c:\program files\PeerGuardian2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-11 16:28 . 2010-04-03 21:32 -------- d-----w- c:\documents and settings\Nathan\Application Data\stickies

2010-07-10 17:53 . 2002-08-29 07:27 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys

2010-07-09 17:50 . 2003-12-22 11:37 -------- d-----w- c:\program files\Common Files\Java

2010-07-09 17:49 . 2003-12-22 11:37 -------- d-----w- c:\program files\Java

2010-07-09 17:43 . 2009-04-29 02:51 -------- d-----w- c:\program files\iTunes

2010-07-09 17:42 . 2008-12-25 15:00 -------- d-----w- c:\program files\Common Files\Apple

2010-07-09 17:38 . 2008-02-19 14:19 -------- d-----w- c:\program files\QuickTime

2010-07-08 16:03 . 2006-05-21 22:01 1984 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-08 07:08 . 2006-07-10 03:46 -------- d-----w- c:\program files\RegScrubXP

2010-07-07 04:50 . 2005-01-28 02:43 -------- d-----w- c:\documents and settings\Nathan\Application Data\Azureus

2010-06-28 20:57 . 2010-05-29 17:48 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-05-29 17:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-05-29 17:49 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-05-29 17:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-05-29 17:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2010-05-29 17:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2010-05-29 17:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-28 20:32 . 2010-05-29 17:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-27 06:03 . 2008-09-07 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone

2010-06-08 17:08 . 2010-06-08 16:58 -------- d-----w- c:\program files\Doom 3

2010-06-08 16:54 . 2010-06-06 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-06-08 16:52 . 2008-08-28 14:34 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-08 16:14 . 2010-06-08 16:14 -------- d-----w- c:\program files\Play+Smile

2010-06-06 21:04 . 2010-06-06 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9

2010-06-06 21:03 . 2010-06-06 21:03 -------- d-----w- c:\documents and settings\Nathan\Application Data\GameHouse

2010-06-06 21:02 . 2010-06-06 21:02 -------- d-----w- c:\program files\GameHouse

2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2010-06-06 19:40 . 2010-06-06 19:36 -------- d-----w- c:\program files\Common Files\Intuit

2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\Intuit

2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11

2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

2010-06-06 19:15 . 2009-08-30 09:28 -------- d-----w- c:\program files\Vuze

2010-06-06 16:49 . 2010-06-06 16:49 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-06-06 16:49 . 2003-12-22 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-06 07:59 . 2010-04-01 18:51 -------- d-----w- c:\program files\Mount&Blade Warband

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\program files\Alwil Software

2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cacheman"="c:\progra~1\UTILIT~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]

"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]

"Google Update"="c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-07 133104]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\

Stickies.lnk - c:\program files\stickies\stickies.exe [2010-4-3 1101824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk

backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]

2003-08-29 12:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-12-07 00:49 133104 ----atw- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-06-12 19:06 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-07-30 14:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-02-13 18:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-02-18 19:44 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-02-18 19:44 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandIcon]

2000-11-13 19:36 131072 ----a-w- c:\program files\Utilities\ImageMate CompactFlash USB\SandIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2008-06-12 19:06 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-04-13 01:25 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Utilities\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\SYSTEM32\\java.exe"=

"c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=

"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=

"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=

"c:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=

"c:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"g:\\Games\\Steam\\Steam.exe"=

"g:\\Games\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=

"g:\\Games\\Steam\\steamapps\\common\\children of the nile\\CoTN.exe"=

"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=

"g:\\Games\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold unfinished business\\JA2UB.exe"=

"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=

"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold\\ja2.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=

"g:\\Games\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=

"g:\\Games\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=

"g:\\Games\\Steam\\steamapps\\common\\children of the nile alexandria\\CoTN.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=

"g:\\Games\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=

"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"<NO NAME>"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2010 10:49 AM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/29/2010 10:49 AM 17744]

R2 MSSQL$CSS;MSSQL$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS [?]

S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [?]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gsplittm;gsplittm;\??\c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys [?]

S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS [?]

S3 XAGPCPQ;XAGPCPQ;\??\c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS --> c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS [?]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [9/7/2008 6:52 AM 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006Core.job

- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006UA.job

- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{DA458596-91FC-40AE-A68A-E1347B15CC0C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?ct=1056755011

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

Trusted Zone: fark.com\www

Trusted Zone: gametab.com\www

Trusted Zone: penny-arcade.com\www

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

FF - ProfilePath - c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\g0rlcp2p.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)

SafeBoot-klmdb.sys

MSConfigStartUp-E6TaskPanel - c:\program files\EarthLink TotalAccess\TaskPanl.exe

MSConfigStartUp-ELNKProxy - c:\windows\surfmonkey\smproxy.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe

MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe

MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE

MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe

MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe

MSConfigStartUp-Steam - c:\program files\steam\steam.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-IGN Download Manager - c:\program files\IGN\Download Manager\uninst.exe

AddRemove-InterActual Player - c:\program files\InterActual\InterActual Player\inuninst.exe

AddRemove-Network Addon Mod - c:\documents and settings\Nathan\My Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe

AddRemove-The Forge - c:\windows\unvise32.exe

AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE

AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe

AddRemove-Stainless_Steel_6.0_Part1of2 - c:\program files\Games\Valve\Steam\SteamApps\common\medieval ii total war\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 09:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:59,99,5b,9e,6b,c5,1d,12,78,f2,ca,16,4b,51,e8,b5,eb,4b,02,0b,12,de,f4,

32,5a,db,86,92,30,92,2d,24,fc,2b,93,d7,8f,c4,ff,54,19,a1,50,8a,5b,25,71,1c,\

"??"=hex:b3,69,32,89,1c,89,02,cb,83,10,79,81,53,0d,7d,c8

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\License information*]

"datasecu"=hex:c3,96,c0,f6,ad,1d,0e,7c,63,1d,28,71,0e,1c,2c,98,3c,34,23,c6,a2,

e7,7f,04,a3,3f,14,48,fe,e4,f3,4f,37,e3,83,ea,ac,34,44,db,e9,42,45,a9,c8,92,\

"rkeysecu"=hex:a1,8f,84,98,f6,bf,ab,41,de,99,a4,01,dd,25,a8,3f

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\


Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

KILLALL::

DDS:
uInternet Settings,ProxyOverride = *.local
Trusted Zone: fark.com\www
Trusted Zone: gametab.com\www
Trusted Zone: penny-arcade.com\www
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

Driver::
XAGPCPQ
gsplittm
cpuz130

Save the file to your desktop and name it CFScript.txt

Then drag CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[screenshot: cfscriptb4.gif, CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

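The script above was built by hand from the posted ComboFix log: the helper picked out the three S3 drivers whose image path sits in the user's Temp directory, the Security Center AntiVirusOverride value set to 1, and the Trusted Zone entries, then turned them into Driver::, Registry:: and DDS: sections. The following Python is an added example of doing that triage automatically; it is not ComboFix's code or anything the helper posted. The sample log lines are constructed from the log shown in this thread, and the function names and the Temp-path heuristic are this example's own assumptions.

```python
"""Triage ComboFix-style log lines and emit matching CFScript sections.

Added example for this thread, not part of ComboFix or the forum post.
Flags: kernel drivers/services whose image lives under a user's Temp
directory, a Security Center AntiVirusOverride of 1, and Trusted Zone
entries, then prints Driver::, Registry:: and DDS: sections in the format
used in the thread. Function names and regexes are this example's own.
"""
import re

# Constructed sample in the shape of ComboFix's services listing, the
# Security Center key and the Supplementary Scan output (from the thread's log).
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2010 10:49 AM 165456]
S3 cpuz130;cpuz130;\??\c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Nathan\LOCALS~1\Temp\gsplittm.sys [?]
S3 XAGPCPQ;XAGPCPQ;\??\c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS --> c:\docume~1\Nathan\LOCALS~1\Temp\XAGPCPQ.SYS [?]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [9/7/2008 6:52 AM 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
Trusted Zone: fark.com\www
Trusted Zone: penny-arcade.com\www
"""

# "R1 name;display;image ..." / "S3 name;display;image ..." service lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
# Per-user Temp directories in 8.3 form, XP long form, or Vista+ form (assumption).
TEMP_PATH_RE = re.compile(r"\\(locals~1|local settings|appdata\\local)\\temp\\",
                          re.IGNORECASE)
SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"=dword:([0-9a-fA-F]{8})')


def parse_services(lines):
    """Return (start_type, service_name, image_path) for each service line."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, _display, rest = m.groups()
        # ComboFix prints "image --> image [?]" when it cannot verify the file;
        # keep the first path, drop the trailing "[...]" and the \??\ prefix.
        image = rest.split(" --> ")[0].split(" [")[0]
        if image.startswith("\\??\\"):
            image = image[4:]
        out.append((start, name, image))
    return out


def triage(log_text):
    """Return the findings a helper would act on for this kind of log."""
    lines = log_text.splitlines()
    findings = {"temp_drivers": [], "av_override": False, "trusted_zones": []}
    for _start, name, image in parse_services(lines):
        # A driver loaded from a user-writable Temp directory is the pattern
        # the Driver:: section in the thread removes.
        if TEMP_PATH_RE.search(image):
            findings["temp_drivers"].append(name)
    in_security_center = False
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            in_security_center = s.lower() == SECURITY_CENTER_KEY
            continue
        m = AV_OVERRIDE_RE.fullmatch(s)
        if in_security_center and m and int(m.group(1), 16) != 0:
            # Non-zero silences Security Center's "no antivirus" warning, which
            # is why rogue software sets it and why the script resets it to 0.
            findings["av_override"] = True
        elif s.startswith("Trusted Zone: "):
            findings["trusted_zones"].append(s[len("Trusted Zone: "):])
    return findings


def build_cfscript(findings):
    """Emit DDS:, Registry:: and Driver:: sections in the thread's format."""
    parts = []
    if findings["trusted_zones"]:
        parts.append("DDS:\n" + "\n".join(
            f"Trusted Zone: {z}" for z in findings["trusted_zones"]))
    if findings["av_override"]:
        parts.append("Registry::\n"
                     "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
                     "\"AntiVirusOverride\"=dword:00000000")
    if findings["temp_drivers"]:
        parts.append("Driver::\n" + "\n".join(findings["temp_drivers"]))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run it on a saved ComboFix.txt by reading the file into `triage()`; the output is only a starting point for review, since legitimate tools (CPU-Z's cpuz130 driver here) also load drivers from Temp, which is why a helper still reads every flagged line before it goes into a CFScript.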

OK, it finished running and rebooted my PC. Here is the log file from after the reboot:

ComboFix 10-07-10.01 - Nathan 07/11/2010 17:21:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -7:00]

Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Nathan\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CPUZ130

-------\Legacy_GSPLITTM

-------\Legacy_XAGPCPQ

-------\Service_cpuz130

-------\Service_gsplittm

-------\Service_XAGPCPQ

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))

.

2010-07-09 17:50 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\program files\iPod

2010-07-09 17:42 . 2010-07-09 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-09 17:33 . 2010-07-09 17:33 -------- d-----w- c:\program files\Bonjour

2010-07-09 17:29 . 2010-07-09 17:29 -------- d-----w- c:\program files\Apple Software Update

2010-07-08 06:50 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 06:50 . 2010-07-08 06:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 06:50 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 06:43 . 2010-07-08 06:43 -------- d-----w- C:\spoolerlogs

2010-07-08 05:13 . 2010-07-08 18:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\wtkxkospj

2010-07-08 04:03 . 2010-07-08 04:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-05 18:28 . 2010-07-05 18:28 -------- d-----w- c:\program files\drcode

2010-06-29 17:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-06-24 05:59 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\AdventureTools

2010-06-24 05:58 . 2010-06-24 05:59 -------- d-----w- c:\documents and settings\Nathan\Application Data\AdventureTools

2010-06-23 20:33 . 2010-06-23 20:33 -------- d-----w- c:\documents and settings\Nathan\Local Settings\Application Data\Wizards_of_the_Coast

2010-06-23 18:35 . 2010-06-23 18:35 285 ----a-w- c:\windows\EReg072.dat

2010-06-23 18:35 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll

2010-06-23 18:35 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll

2010-06-23 18:35 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe

2010-06-23 18:35 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll

2010-06-23 18:35 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv

2010-06-23 18:34 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll

2010-06-23 18:34 . 2010-06-23 18:34 4608 ----a-w- c:\windows\system32\w95inf32.dll

2010-06-23 18:34 . 2010-06-23 18:34 2272 ----a-w- c:\windows\system32\w95inf16.dll

2010-06-23 18:33 . 2010-06-23 19:25 -------- d-----w- C:\Sshock2

2010-06-23 17:05 . 2010-06-23 17:05 -------- d-----w- c:\documents and settings\Nathan\Application Data\YoudaGames

2010-06-15 15:20 . 2010-07-12 01:04 -------- d-----w- c:\program files\PeerGuardian2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-12 01:02 . 2010-04-03 21:32 -------- d-----w- c:\documents and settings\Nathan\Application Data\stickies

2010-07-10 17:53 . 2002-08-29 07:27 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys

2010-07-09 17:50 . 2003-12-22 11:37 -------- d-----w- c:\program files\Common Files\Java

2010-07-09 17:49 . 2003-12-22 11:37 -------- d-----w- c:\program files\Java

2010-07-09 17:43 . 2009-04-29 02:51 -------- d-----w- c:\program files\iTunes

2010-07-09 17:42 . 2008-12-25 15:00 -------- d-----w- c:\program files\Common Files\Apple

2010-07-09 17:38 . 2008-02-19 14:19 -------- d-----w- c:\program files\QuickTime

2010-07-08 16:03 . 2006-05-21 22:01 1984 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-08 07:08 . 2006-07-10 03:46 -------- d-----w- c:\program files\RegScrubXP

2010-07-07 04:50 . 2005-01-28 02:43 -------- d-----w- c:\documents and settings\Nathan\Application Data\Azureus

2010-06-28 20:57 . 2010-05-29 17:48 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-05-29 17:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-05-29 17:49 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-05-29 17:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-05-29 17:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2010-05-29 17:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2010-05-29 17:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-28 20:32 . 2010-05-29 17:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-27 06:03 . 2008-09-07 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone

2010-06-08 17:08 . 2010-06-08 16:58 -------- d-----w- c:\program files\Doom 3

2010-06-08 16:54 . 2010-06-06 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-06-08 16:52 . 2008-08-28 14:34 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-08 16:14 . 2010-06-08 16:14 -------- d-----w- c:\program files\Play+Smile

2010-06-06 21:04 . 2010-06-06 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9

2010-06-06 21:03 . 2010-06-06 21:03 -------- d-----w- c:\documents and settings\Nathan\Application Data\GameHouse

2010-06-06 21:02 . 2010-06-06 21:02 -------- d-----w- c:\program files\GameHouse

2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2010-06-06 19:40 . 2010-06-06 19:36 -------- d-----w- c:\program files\Common Files\Intuit

2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\Intuit

2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11

2010-06-06 19:34 . 2010-06-06 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

2010-06-06 19:15 . 2009-08-30 09:28 -------- d-----w- c:\program files\Vuze

2010-06-06 16:49 . 2010-06-06 16:49 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-06-06 16:49 . 2003-12-22 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-06 07:59 . 2010-04-01 18:51 -------- d-----w- c:\program files\Mount&Blade Warband

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\program files\Alwil Software

2010-05-29 17:47 . 2010-05-29 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cacheman"="c:\progra~1\UTILIT~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]

"Steam"="g:\games\steam\steam.exe" [2010-06-21 1238352]

"Google Update"="c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-07 133104]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\

Stickies.lnk - c:\program files\stickies\stickies.exe [2010-4-3 1101824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk

backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nathan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

path=c:\documents and settings\Nathan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]

2003-08-29 12:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-12-07 00:49 133104 ----atw- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-07-30 14:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-02-13 18:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-02-18 19:44 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-02-18 19:44 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandIcon]

2000-11-13 19:36 131072 ----a-w- c:\program files\Utilities\ImageMate CompactFlash USB\SandIcon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Utilities\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Nathan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\SYSTEM32\\java.exe"=

"c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=

"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=

"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=

"c:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=

"c:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"g:\\Games\\Steam\\Steam.exe"=

"g:\\Games\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=

"g:\\Games\\Steam\\steamapps\\common\\children of the nile\\CoTN.exe"=

"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=

"g:\\Games\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold unfinished business\\JA2UB.exe"=

"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=

"g:\\Games\\Steam\\steamapps\\common\\jagged alliance 2 gold\\ja2.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=

"g:\\Games\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=

"g:\\Games\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=

"g:\\Games\\Steam\\steamapps\\common\\children of the nile alexandria\\CoTN.exe"=

"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=

"g:\\Games\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=

"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"<NO NAME>"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2010 10:49 AM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/29/2010 10:49 AM 17744]

R2 MSSQL$CSS;MSSQL$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlservr.exe -sCSS [?]

S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [?]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

S3 SQLAgent$CSS;SQLAgent$CSS;c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS --> c:\program files\Microsoft SQL Server\Mssql$CSS\Binn\MSSQL$CSS\Binn\sqlagent.EXE -i CSS [?]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [9/7/2008 6:52 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006Core.job

- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604556705-1947649968-64671406-1006UA.job

- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 00:49]

2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{DA458596-91FC-40AE-A68A-E1347B15CC0C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?ct=1056755011

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

Trusted Zone: fark.com\www

Trusted Zone: gametab.com\www

Trusted Zone: penny-arcade.com\www

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

FF - ProfilePath - c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\g0rlcp2p.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 18:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:59,99,5b,9e,6b,c5,1d,12,78,f2,ca,16,4b,51,e8,b5,eb,4b,02,0b,12,de,f4,

32,5a,db,86,92,30,92,2d,24,fc,2b,93,d7,8f,c4,ff,54,19,a1,50,8a,5b,25,71,1c,\

"??"=hex:b3,69,32,89,1c,89,02,cb,83,10,79,81,53,0d,7d,c8

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\Software\SecuROM\License information*]

"datasecu"=hex:c3,96,c0,f6,ad,1d,0e,7c,63,1d,28,71,0e,1c,2c,98,3c,34,23,c6,a2,

e7,7f,04,a3,3f,14,48,fe,e4,f3,4f,37,e3,83,ea,ac,34,44,db,e9,42,45,a9,c8,92,\

"rkeysecu"=hex:a1,8f,84,98,f6,bf,ab,41,de,99,a4,01,dd,25,a8,3f

[HKEY_USERS\S-1-5-21-2604556705-1947649968-64671406-1006\


Be sure to use secunia nestamon.

Secunia software inspector & update checker

Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


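A way to check the Internet-zone settings listed in the post above without clicking through the Internet Options dialog, as an added PowerShell example that is not part of the post or of any tool named in this thread. It assumes the registry value names Microsoft documents for Internet Explorer security zones (1001, 1004, 1201, 1607, 1800 and 1804 under the Zones\3 key, with data 0 = Enable, 1 = Prompt, 3 = Disable); the recommended data for each one is taken from the list above. The script name used in the usage note is hypothetical.

```powershell
# Added example, not from the post: audit (and optionally set) the Internet zone (zone 3)
# settings recommended above. Value names are the ones Microsoft documents for IE security
# zones; data 0 = Enable, 1 = Prompt, 3 = Disable. Written to run on PowerShell 2.0.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended data for each setting, as given in the list above.
$recommended = @(
    @{ Name = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Name = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Name = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Name = '1800'; Setting = 'Installation of desktop items';                             Want = 1 },
    @{ Name = '1804'; Setting = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Name = '1607'; Setting = 'Navigate sub-frames across different domains';              Want = 1 }
)

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$Name)
    # Returns $null when the per-user value is absent; IE then uses the zone's default for it.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Label($data) {
    if ($null -eq $data) { return '(not set)' }
    if ($labels.ContainsKey([int]$data)) { return $labels[[int]$data] }
    return "unknown ($data)"
}

# Report each setting and whether it already matches the recommendation.
$report = foreach ($r in $recommended) {
    $current = Get-ZoneSetting -Path $zone -Name $r.Name
    New-Object PSObject -Property @{
        Value       = $r.Name
        Setting     = $r.Setting
        Current     = Label $current
        Recommended = Label $r.Want
        OK          = ($current -eq $r.Want)
    }
}
$report | Select-Object Value, Setting, Current, Recommended, OK | Format-Table -AutoSize

# Run with -Fix to write the recommended data for every setting that does not match.
# Zone 3 settings for the current user live under HKCU, so no elevation is needed.
if ($args -contains '-Fix') {
    foreach ($r in $recommended) {
        if ((Get-ZoneSetting -Path $zone -Name $r.Name) -ne $r.Want) {
            Set-ItemProperty -Path $zone -Name $r.Name -Value $r.Want -Type DWord
            Write-Host ("Set {0} ({1}) to {2}" -f $r.Name, $r.Setting, (Label $r.Want))
        }
    }
}
```

Save it as, say, Check-IEZone.ps1 and run `.\Check-IEZone.ps1` to get the report, or `.\Check-IEZone.ps1 -Fix` to apply the recommended values. A setting shown as "(not set)" means Internet Explorer is still using the zone's built-in default for it; on a domain-joined machine, values pushed by policy take precedence over these per-user ones, so the dialog may show the policy value rather than what this script writes.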

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.