
I was on the internet and I got a popup saying my PC has been infected. I installed mbam but got the 732 error. Then I fixed the "automatically detect settings" in the internet options, but still get error 732 on mbam-setup.exe when I try to update. The rest of the install goes fine. I try to run a quick scan, but after ~5 seconds, mbam just disappears. I try this 3-4 times before moving on to DeFogger. I disable CD emulation drivers and click OK on the "finished!" message, but I get no message telling me to reboot; it just goes back to the first screen with the disable/re-enable buttons. I click Disable again, and then OK at "finished." Again, no reboot message. I then close the window. I download DDS. The command prompt opens up and says it's working. ~5 seconds into the DDS scan, the cmd window disappears. No logs were shown, nothing to save. Just gone. I download GMER Rootkit Scanner, remove the .php off the end and open that, unchecking IAT/EAT; all others were unchecked already. I start the scan. ~5 seconds later, the GMER window disappears. I tried it again as I wrote this post, approx 15 min after my first scan attempt, and it got through the scan, saying it found rootkit activity. I have attached ark.txt in a zip file.

Also, Internet Explorer 6 and Firefox 3.6.6 won't let me access the web, telling me that "the proxy server is refusing connections" on regular websites, but I can get to secure https sites just fine. I have no problems getting to any website, secure or not, using Netscape 7.1.

I downloaded AVG Free 9, but it won't access the internet to update; I get the same "unable to connect" message in the AVG window as I do for IE above.

Any assistance would be greatly appreciated.

ark.zip



Hi and welcome to Malwarebytes,

Download RSIT by random/random and save it to your Desktop.

  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.


I ran it, but didn't get the info.txt. It said it could not access a "bruce.exe" in a Trend Micro folder.

Log.txt pasted below

Logfile of random's system information tool 1.08 (written by random/random)

Run by Bruce at 2010-07-11 21:08:17

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 30 GB (39%) free of 76 GB

Total RAM: 255 MB (18% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

C:\WINDOWS\tasks\McAfee Cleanup.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (HAL-Bruce).job

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02DCA195-602B-4B1F-83FF-381B7E804BDB}]

C:\WINDOWS\SYSTEM32\HDBHO.dll [2003-07-29 473088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

PCTools Site Guard

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]

PCTools Browser Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{ACB1E670-3217-45C4-A021-6B829A8A27CB}

{1B42D9DA-88F6-4F81-9185-CFD04C6B4DC0}

{0FF60A1A-F846-4CDD-94D5-79ADC20794C8}

{E0E899AB-F487-11D5-8D29-0050BA6940E3}

{0BF43445-2F28-4351-9252-17FE6E806AA0}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-03-28 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

C:\aim\aim.exe [2002-11-13 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-07 496752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-08-02 368720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

C:\Program Files\BoincLogX\boinclogx.exe [2004-06-04 375296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BookedSpace]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

C:\WINDOWS\system32\BridgeDeCor.exe [2002-03-26 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couponsandoffers]

wjview /cp:p C:\Program Files\couponsandoffers\System\Code Main lp: C:\Program Files\couponsandoffers []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

C:\Program Files\D-Tools\daemon.exe [2003-03-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

C:\WINDOWS\DELLMMKB.EXE [2001-09-23 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOY]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

C:\Program Files\dvd43\dvd43_tray.exe [2003-12-04 271360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

wjview /cp:p C:\Program Files\EbatesMoeMoneyMaker\System\Code Main lp: C:\Program Files\EbatesMoeMoneyMaker []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehuslyiw]

C:\Documents and Settings\Bruce\Local Settings\Application Data\kscntjkyx\iacbdyhtssd.exe [2010-07-10 506112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsw.exe]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

C:\Program Files\Eraser\eraser.exe [2002-02-04 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTBLVDQI]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCMWEJUB]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

C:\Program Files\Microsoft IntelliPoint\point32.exe [2003-05-15 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

C:\PROGRA~1\INSTAN~2\INSTAN~1\IWCTRL.EXE [2002-08-14 505217]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeenValue]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

?????? ?????? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-24 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [2002-06-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 184376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

C:\Program Files\Netscape\Netscape 6\Netscp.exe [2003-06-24 568096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2003-07-11 4182016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

C:\Program Files\Common Files\Nokia\NCLTools\NCLConf.exe [2001-08-09 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

C:\WINDOWS\system32\PD6000SM.EXE [2003-06-16 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Premeter]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-05-07 99480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

C:\Program Files\PivX\Qwik-Fix\\qfui.exe [2004-12-07 1372160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

\realplay.exe /RunUPGToolCommandReBoot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-07-15 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-10-22 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

?????? ?????? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sentry]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

C:\Program Files\Log9x\log9x.exe [2003-03-23 369664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

c:\program files\steam\steam.exe [2005-05-21 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcmon]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

C:\Program Files\Support.com\bin\tgcmd.exe [2002-07-15 1544192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2002-11-28 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Temperature]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\Updreg.exe [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WP Companion]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPContactList]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XupiterToolbarLoader]

C:\Program Files\Xupiter\\XupiterToolbarLoader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Patrick\Messenger\ypager.exe [2005-12-08 3096576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

C:\Program Files\Google\Gmail Notifier\gnotify.exe [2004-10-01 475136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

C:\PROGRA~1\AMERIC~4.0\aoltray.exe [2004-05-07 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE [2004-05-07 250992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

C:\PROGRA~1\SIERRA~1\IMAGEE~1\IXApplet.exe [2001-08-30 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2006-11-10 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

C:\PROGRA~1\GetRight\getright.exe [2003-07-07 1875968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-06-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

C:\PROGRA~1\ITSDED~1\ItsD7.exe [2003-11-03 3112960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2003-06-25 614531]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

C:\PROGRA~1\Kodak\KODAKS~1\7288971\614~1.37-\Program\runner.exe [2003-06-08 16432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-12-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll [2004-08-04 239616]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0x5F000000

""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\CUseeMe Networks Shared\CUCore.exe"="C:\Program Files\Common Files\CUseeMe Networks Shared\CUCore.exe:*:Enabled:Core Server"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

"C:\aim\aim.exe"="C:\aim\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\Common Files\First Coast News NOW\TrueWeather.exe"="C:\Program Files\Common Files\First Coast News NOW\TrueWeather.exe:*:Enabled:TrueWeather"

"C:\Program Files\CU-SEEME\cuseem32.exe"="C:\Program Files\CU-SEEME\cuseem32.exe:*:Enabled:32-Bit CU-SeeMe for Windows 95/Windows NT"

"C:\Program Files\Kazaa K++\Kazaa.kpp"="C:\Program Files\Kazaa K++\Kazaa.kpp:*:Enabled:Kazaa Media Desktop"

"C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe"="C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe:*:Enabled:ccpm_exe Module"

"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"

"C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe"="C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\Common Files\AOL\1124741603\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124741603\ee\AOLServiceHost.exe:*:Enabled:AOL Services"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Patrick\Messenger\YPager.exe"="C:\Patrick\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Patrick\Messenger\YServer.exe"="C:\Patrick\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\JM\JMeeting.com.exe"="C:\Program Files\JM\JMeeting.com.exe:*:Enabled:LaunchAnywhere GUI"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"

"C:\DVD\utorrent.exe"="C:\DVD\utorrent.exe:*:Enabled:

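As an added example (not from the thread or from the RSIT tool), here is a small triage script for the RSIT "Registry dump" layout shown above: it parses the `[HKEY_...]` blocks and their value lines, then flags startup entries that launch from a user-writable profile directory, whose command text RSIT could not render, or whose target had no file date/size resolved. The sample log is constructed from a handful of lines copied from the post; the heuristics are mine and mark entries for review, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample in the RSIT "Registry dump" layout. The individual lines are
# copied from the log posted above; the selection and assembly are mine.
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

C:\Program Files\Eraser\eraser.exe [2002-02-04 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehuslyiw]

C:\Documents and Settings\Bruce\Local Settings\Application Data\kscntjkyx\iacbdyhtssd.exe [2010-07-10 506112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

?????? ?????? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]

[]
"""

# A registry key line: [HKEY_...]
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# A value line: optional "name"= prefix, the command, then " [date size]" or " []".
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')

# Locations under a user profile that any process running as that user can write to.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
)


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Turn the RSIT registry dump into one dict per stored startup command."""
    entries: List[Dict[str, str]] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)  # must be tested before VALUE_RE
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None:
            continue  # section banners such as ======Registry dump======
        value = VALUE_RE.match(line)
        if not value or not value.group("cmd"):
            continue  # a bare "[]" means the key stores no command at all
        # Run-key values carry their own name; msconfig startupreg keys are named by the key.
        name = value.group("name") or current_key.rsplit("\\", 1)[-1]
        entries.append({"key": current_key, "name": name,
                        "command": value.group("cmd"), "meta": value.group("meta")})
    return entries


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    flagged: List[Dict[str, object]] = []
    for entry in parse_entries(log_text):
        reasons = []
        command = entry["command"].lower()
        if any(marker in command for marker in USER_WRITABLE):
            reasons.append("launches from a user-writable profile directory")
        if "?" in entry["command"]:
            reasons.append("command text is unreadable")  # RSIT could not render it
        if not entry["meta"]:
            reasons.append("no file date/size resolved for the target")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["name"]}: {hit["command"]}')
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

On the sample the only entry launching from a profile directory is the one ComboFix later listed under "Other Deletions" (kscntjkyx\iacbdyhtssd.exe).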

I had some trouble running ComboFix, but I got it working in safe mode. When I first ran it, my desktop disappeared and I got a blank error message with just a question mark speech bubble (like the one in the disclaimer message) and an OK button. It sat for a while and started working again. I had to download the system restore and it installed automatically. I then got a message stating "combofix has detected the presence of rootkit activity and needs to reload the machine." After that it rebooted and Windows started loading, then it bluescreened, and rebooted again and asked if I wanted to start in recovery mode, which I let time out; then it went to the screen where you can choose to start in safe mode or normal mode, where I let it time out, and it started Windows, which then bluescreened again. I let the cycle continue for a while, then told it to start in safe mode. I logged into Administrator and then ComboFix backed up my registry. It did not change my clock format, but finished all the stages successfully.

I just want to make sure it was OK to run ComboFix in safe mode.

ComboFix log.txt and dds.txt pasted below; the dds attach.txt zip is attached.

ComboFix 10-07-11.03 - Administrator 07/12/2010 19:15:04.1.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.94 [GMT -4:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\documents\setup.exe

c:\documents and settings\Bruce\Local Settings\Application Data\kscntjkyx

c:\documents and settings\Bruce\Local Settings\Application Data\kscntjkyx\iacbdyhtssd.exe

c:\documents and settings\Stephanie\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}

c:\program files\INSTALL.LOG

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\INSTALL.LOG

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

C:\Thumbs.db

c:\windows\command

c:\windows\command\Circles.bmp

c:\windows\daemon.dll

c:\windows\Debug\dcpromo.log

c:\windows\desktop

c:\windows\desktop\Install America Online - Free Trial.lnk

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8.inf

c:\windows\Downloaded Program Files\Temp

c:\windows\inf\MSView.inf

c:\windows\system\msvbvm60.dll

c:\windows\system32\14_43260.dll

c:\windows\system32\28_83260.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\lsprst7.dll

c:\windows\system32\Memman.vxd

c:\windows\system32\Packet.dll

c:\windows\system32\pics

c:\windows\system32\pics\1stop florist.jpg

c:\windows\system32\pics\adventuretravel12.gif

c:\windows\system32\pics\airlinetickets1.gif

c:\windows\system32\pics\amazon.gif

c:\windows\system32\pics\auction.gif

c:\windows\system32\pics\auto.gif

c:\windows\system32\pics\autoclassifieds.gif

c:\windows\system32\pics\autoinsurance.gif

c:\windows\system32\pics\bankruptcy1.gif

c:\windows\system32\pics\bankruptcy12.gif

c:\windows\system32\pics\bargain.com

c:\windows\system32\pics\basketball.gif

c:\windows\system32\pics\bevmo.gif

c:\windows\system32\pics\blackjack.gif

c:\windows\system32\pics\books.gif

c:\windows\system32\pics\books1.gif

c:\windows\system32\pics\caraudio.gif

c:\windows\system32\pics\caraudio1.gif

c:\windows\system32\pics\cardgames.gif

c:\windows\system32\pics\carinsurance.gif

c:\windows\system32\pics\carprices.gif

c:\windows\system32\pics\cars.gif

c:\windows\system32\pics\casinos.gif

c:\windows\system32\pics\cds.gif

c:\windows\system32\pics\cellphones.gif

c:\windows\system32\pics\chat.gif

c:\windows\system32\pics\computergames.gif

c:\windows\system32\pics\computers.gif

c:\windows\system32\pics\computers1.gif

c:\windows\system32\pics\cooking.gif

c:\windows\system32\pics\crafts.gif

c:\windows\system32\pics\creditcards.gif

c:\windows\system32\pics\creditcards1.gif

c:\windows\system32\pics\cruises.gif

c:\windows\system32\pics\debt1.gif

c:\windows\system32\pics\debt123.gif

c:\windows\system32\pics\debtconsolidation1.gif

c:\windows\system32\pics\debtconsolidation123.gif

c:\windows\system32\pics\diet.gif

c:\windows\system32\pics\digitalcamcorders.gif

c:\windows\system32\pics\digitalcameras.gif

c:\windows\system32\pics\downloadmusic.gif

c:\windows\system32\pics\dvd.gif

c:\windows\system32\pics\ebay.gif

c:\windows\system32\pics\electronics.gif

c:\windows\system32\pics\electronics1.gif

c:\windows\system32\pics\entertainment.gif

c:\windows\system32\pics\entertainment1.gif

c:\windows\system32\pics\finance.gif

c:\windows\system32\pics\finance1.gif

c:\windows\system32\pics\finance12.gif

c:\windows\system32\pics\fishing.gif

c:\windows\system32\pics\fitness.gif

c:\windows\system32\pics\fitness1.gif

c:\windows\system32\pics\flowers.gif

c:\windows\system32\pics\franklin covey.jpg

c:\windows\system32\pics\furniture.gif

c:\windows\system32\pics\furniture1.gif

c:\windows\system32\pics\furniture12.gif

c:\windows\system32\pics\gambling.gif

c:\windows\system32\pics\gambling1.gif

c:\windows\system32\pics\gambling12.gif

c:\windows\system32\pics\games.gif

c:\windows\system32\pics\gardening.gif

c:\windows\system32\pics\giftbaskets1.gif

c:\windows\system32\pics\gifts.gif

c:\windows\system32\pics\golf.gif

c:\windows\system32\pics\golf1.gif

c:\windows\system32\pics\health.gif

c:\windows\system32\pics\health1.gif

c:\windows\system32\pics\healthinsurance.gif

c:\windows\system32\pics\hobbies1.gif

c:\windows\system32\pics\hobbytron.gif

c:\windows\system32\pics\hockey.gif

c:\windows\system32\pics\homebuying.gif

c:\windows\system32\pics\homedecorating.gif

c:\windows\system32\pics\homeimprovement.gif

c:\windows\system32\pics\homeloan12.gif

c:\windows\system32\pics\hotels.gif

c:\windows\system32\pics\insurance.gif

c:\windows\system32\pics\internet.gif

c:\windows\system32\pics\investing.gif

c:\windows\system32\pics\jewelry.gif

c:\windows\system32\pics\jokes.gif

c:\windows\system32\pics\lifeinsurance.gif

c:\windows\system32\pics\loans.gif

c:\windows\system32\pics\maps.gif

c:\windows\system32\pics\money.gif

c:\windows\system32\pics\mortgage.gif

c:\windows\system32\pics\movies.gif

c:\windows\system32\pics\mp3.gif

c:\windows\system32\pics\mp31.gif

c:\windows\system32\pics\music.gif

c:\windows\system32\pics\music1.gif

c:\windows\system32\pics\nutrition.gif

c:\windows\system32\pics\onlinecasino.gif

c:\windows\system32\pics\onlinegambling.gif

c:\windows\system32\pics\outdoordecor.jpg

c:\windows\system32\pics\overstock.gif

c:\windows\system32\pics\palm.gif

c:\windows\system32\pics\peoplesearch.gif

c:\windows\system32\pics\poker.gif

c:\windows\system32\pics\posters.gif

c:\windows\system32\pics\posters1.gif

c:\windows\system32\pics\projectors.gif

c:\windows\system32\pics\realestate.gif

c:\windows\system32\pics\realestate1.gif

c:\windows\system32\pics\scr.htm

c:\windows\system32\pics\scr.js

c:\windows\system32\pics\shindigz.gif

c:\windows\system32\pics\shoes.gif

c:\windows\system32\pics\shopping.gif

c:\windows\system32\pics\shopping1.gif

c:\windows\system32\pics\shopping12.gif

c:\windows\system32\pics\shp_vert.gif

c:\windows\system32\pics\software.gif

c:\windows\system32\pics\sports.gif

c:\windows\system32\pics\sports1.gif

c:\windows\system32\pics\stocks1.gif

c:\windows\system32\pics\the sports authority.gif

c:\windows\system32\pics\topsites.gif

c:\windows\system32\pics\toys.gif

c:\windows\system32\pics\toys1.gif

c:\windows\system32\pics\travel.gif

c:\windows\system32\pics\travel1.gif

c:\windows\system32\pics\v_auto.gif

c:\windows\system32\pics\v_electronics.gif

c:\windows\system32\pics\v_entertainment.gif

c:\windows\system32\pics\v_finance.gif

c:\windows\system32\pics\v_gambling.gif

c:\windows\system32\pics\v_health.gif

c:\windows\system32\pics\v_hobbies.gif

c:\windows\system32\pics\v_internet.gif

c:\windows\system32\pics\v_music.gif

c:\windows\system32\pics\v_realestate.gif

c:\windows\system32\pics\v_shopping.gif

c:\windows\system32\pics\v_sports.gif

c:\windows\system32\pics\v_topsites.gif

c:\windows\system32\pics\v_travel.gif

c:\windows\system32\pics\vacations.gif

c:\windows\system32\pics\vert.gif

c:\windows\system32\pics\viagra.gif

c:\windows\system32\pics\visiondirect.gif

c:\windows\system32\pics\walter drake.gif

c:\windows\system32\pics\webdesign.gif

c:\windows\system32\pics\webhosting.gif

c:\windows\system32\pics\weddinggifts.gif

c:\windows\system32\pics\weightloss.gif

c:\windows\system32\pics\womenshealth.gif

c:\windows\system32\pthreadVC.dll

c:\windows\system32\skinboxer43.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\wpcap.dll

c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\DRIVERS\tcpip.sys was found and disinfected

Restored copy from - Kitty had a snack :(

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Service_Iprip

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))

.

2010-07-12 17:04 . 2006-01-13 17:07 360448 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 02:08 . 2010-07-12 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO

2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\RegSERVO

2010-07-11 19:49 . 2010-07-11 19:49 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33 . 2010-07-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-07-11 19:29 . 2010-07-11 19:29 -------- d-----w- c:\program files\Common Files\iS3

2010-07-11 19:29 . 2010-07-12 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-07-11 13:59 . 2010-07-11 23:01 -------- d-----w- c:\program files\trend micro

2010-07-11 13:59 . 2010-07-11 13:59 -------- d-----w- C:\rsit

2010-07-11 13:48 . 2010-07-11 13:48 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Malwarebytes

2010-07-10 23:51 . 2010-07-10 23:51 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Threat Expert

2010-07-10 22:08 . 2010-07-10 22:08 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Threat Expert

2010-07-10 21:46 . 2010-07-11 00:21 -------- d-----w- c:\program files\Spyware Doctor

2010-07-10 21:46 . 2010-07-11 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-10 17:18 . 2010-07-10 17:18 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Malwarebytes

2010-07-10 17:00 . 2010-07-10 17:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59 . 2010-07-11 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59 . 2010-07-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-01 17:33 . 2010-07-01 17:40 -------- d-----w- c:\program files\AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-12 12:41 . 2009-10-19 15:07 0 ----a-r- c:\windows\win32k.sys

2010-07-11 22:57 . 2010-07-11 22:57 976832 ------w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31884\AdobeARM.exe

2010-07-11 22:57 . 2010-07-11 22:57 331176 ------w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31884\AcrobatUpdater.exe

2010-07-11 22:45 . 2010-07-11 22:45 70584 ------w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\29575\AdobeExtractFiles.dll

2010-07-11 19:52 . 2010-07-11 19:51 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-11 18:26 . 2010-07-11 18:26 331176 ------w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11687\AcrobatUpdater.exe

2010-07-11 13:12 . 2010-07-11 13:12 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcp71.dll

2010-07-11 13:12 . 2010-07-11 13:11 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\jmc.dll

2010-07-11 13:11 . 2010-07-11 13:11 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcr71.dll

2010-07-11 13:11 . 2010-07-11 13:11 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-sse.dll

2010-07-11 13:11 . 2010-07-11 13:11 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-d3d.dll

2010-07-10 23:46 . 2003-02-19 02:56 104584 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-10 18:03 . 2002-11-12 03:57 -------- d-----w- c:\program files\McAfee

2010-07-10 15:12 . 2002-01-12 23:56 104584 -c--a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 22:41 . 2010-06-28 22:41 503808 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcp71.dll

2010-06-28 22:41 . 2010-06-28 22:41 499712 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\jmc.dll

2010-06-28 22:41 . 2010-06-28 22:41 348160 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcr71.dll

2010-06-28 22:41 . 2010-06-28 22:41 61440 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-sse.dll

2010-06-28 22:41 . 2010-06-28 22:41 12800 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-d3d.dll

2010-06-17 18:22 . 2010-06-17 18:22 53248 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\IeEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 188416 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\MozEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 110592 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\jdic.dll

2010-05-27 15:17 . 2010-05-27 15:17 666112 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll

2010-05-24 22:38 . 2010-05-24 22:38 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcp71.dll

2010-05-24 22:38 . 2010-05-24 22:38 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\jmc.dll

2010-05-24 22:38 . 2010-05-24 22:38 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcr71.dll

2010-05-24 22:38 . 2010-05-24 22:38 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-sse.dll

2010-05-24 22:38 . 2010-05-24 22:38 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-d3d.dll

2010-05-04 01:55 . 2009-03-12 16:15 813872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2004-04-14 09:45 . 2004-07-28 14:41 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39 . 2002-02-23 18:38 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17 . 2002-02-17 09:17 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07 . 2002-01-31 00:06 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50 . 2002-01-12 02:38 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02 . 2002-01-12 01:39 55467 ----a-w- c:\program files\FastTune.exe

2010-02-12 16:30 . 2010-02-12 16:30 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2007-01-03 11:09 . 2007-05-19 15:05 214616 ----a-w- c:\program files\mozilla firefox\components\FFHook.dll

2010-02-12 16:30 . 2010-02-12 16:30 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

2002-08-01 00:55 . 2006-02-05 14:25 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56 . 2004-12-10 14:04 12208 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2004-05-13 19:53 . 2004-05-12 22:51 71 --sha-w- c:\windows\SYSTEM32\SYSDRVWC.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Patrick\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 6.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

backup=c:\windows\pss\BOINC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

backup=c:\windows\pss\Fidelity CorpRAS VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

backup=c:\windows\pss\First Coast News NOW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

backup=c:\windows\pss\ItsDeductible7PopUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

backup=c:\windows\pss\KeenValue.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

backup=c:\windows\pss\ZoneAlarm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

?????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

?????? [?]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BookedSpace

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

BridgeDeCor.exe [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couponsandoffers]

wjview [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

wjview [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTBLVDQI

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCMWEJUB

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeenValue

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Premeter

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sentry

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcmon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Temperature

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WP Companion

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPContactList

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

2001-03-28 07:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\aim\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2004-04-07 16:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-08-30 20:05 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-08-02 17:33 368720 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

2004-06-05 03:12 375296 ----a-w- c:\program files\BoincLogX\boinclogx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2003-03-12 23:41 77824 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

2001-09-23 13:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2003-12-04 07:50 271360 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2002-02-04 23:58 487424 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

2002-08-14 20:09 505217 ----a-w- c:\progra~1\INSTAN~2\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 14:39 98304 ----a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

2002-06-13 19:01 49152 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

2003-06-24 16:09 568096 ----a-w- c:\program files\Netscape\Netscape 6\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2003-07-11 18:57 4182016 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

2001-08-09 19:51 135168 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-10-06 18:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

2003-06-16 19:14 266240 ----a-w- c:\windows\SYSTEM32\PD6000SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

2004-05-07 20:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

2004-12-07 07:50 1372160 ----a-w- c:\program files\PivX\Qwik-Fix\qfui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

2003-07-15 16:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2003-10-23 00:15 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

2003-03-24 00:33 369664 ----a-w- c:\program files\Log9x\log9x.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2005-05-22 01:08 1241088 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-03 11:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2002-07-15 17:48 1544192 -c--a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2002-11-28 22:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-12-08 18:55 3096576 ----a-w- c:\patrick\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2004-10-01 23:03 475136 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\aim\\aim.exe"=

"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=

"c:\\Patrick\\Messenger\\YPager.exe"=

"c:\\Patrick\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\DVD\\utorrent.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\SBWIZARD\\SBWIZARD.EXE"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Sun\\Java\\Deployment\\cache\\javaws\\http\\Dbaliweb.etrade.com\\P80\\DMbalicli_alt1\\RNjdic-windows.jar\\IeEmbed.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]

R1 cdrdrv;cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [4/20/2003 11:21 AM 61440]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [4/20/2003 11:21 AM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [4/20/2003 11:21 AM 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\SYSTEM32\AgentCD.sys [1/7/2002 10:21 AM 196096]

R2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [12/20/2009 1:14 PM 266240]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 8:00 AM 14336]

R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [1/7/2002 10:23 AM 64512]

R3 Dvd43;Dvd43;c:\windows\SYSTEM32\DRIVERS\Dvd43.sys [10/17/2004 9:04 PM 26048]

R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]

R3 st3tgbus;st3tgbus;c:\windows\SYSTEM32\DRIVERS\st3tgbus.sys [3/12/2003 7:37 PM 8640]

R3 st3tiger;st3tiger;c:\windows\SYSTEM32\DRIVERS\st3tiger.sys [3/12/2003 7:38 PM 99168]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:59 AM 135664]

S2 Mojave;Dazzle Mojave Device;c:\windows\SYSTEM32\DRIVERS\Mojave.sys [1/7/2002 10:21 AM 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

S3 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/6/2001 3:41 PM 28672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\setup.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:58]

2010-07-12 c:\windows\Tasks\RegSERVO.job

- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-07-13 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-01-07 13:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dellnet.com

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Coupons - file://c:\program files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

FF - ProfilePath -

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{1B42D9DA-88F6-4F81-9185-CFD04C6B4DC0} - (no file)

Toolbar-{0FF60A1A-F846-4CDD-94D5-79ADC20794C8} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{1B42D9DA-88F6-4F81-9185-CFD04C6B4DC0} - (no file)

MSConfigStartUp-ehuslyiw - c:\documents and settings\Bruce\Local Settings\Application Data\kscntjkyx\iacbdyhtssd.exe

MSConfigStartUp-emsw - (no file)

MSConfigStartUp-HELPEXP - (no file)

MSConfigStartUp-HXIUL - (no file)

MSConfigStartUp-RealPlayer - %APP_PATH::RealPlay.exe%\realplay.exe

MSConfigStartUp-XupiterToolbarLoader - c:\program files\Xupiter\\XupiterToolbarLoader.exe

AddRemove-Covert Operations - c:\program files\Red Storm Entertainment\Covert Operations\Uninst.isu

AddRemove-Covert Operations Training - c:\program files\Red Storm Entertainment\Covert Operations Training\DeIsL1.isu

AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu

AddRemove-CU-SeeMe Pro - c:\program files\CUseeMe\Uninst.isu

AddRemove-CUSeeMe31DeinstKey - c:\program files\CU-SeeMe\DeIsL5.isu

AddRemove-Eye of the Storm Screen Saver - c:\program files\Starstone Software Systems

AddRemove-MidiNotate - c:\freakin\midi\Uninst.isu

AddRemove-MP3 WAV Converter 2.68 - c:\patrick\NEWFOL~1\MP3WAV~1\MP3WAV~1\UNWISE.EXE

AddRemove-Rogue Spear - c:\program files\Red Storm Entertainment\Rogue Spear\Uninst.isu

AddRemove-SGC1_1.1 - e:\death rally\sgames\DeIsL2.isu

AddRemove-SimCopterv1.0 - c:\maxis\SimCopter\DeIsL4.isu

AddRemove-Urban Operations - c:\program files\Red Storm Entertainment\Rogue Spear\Uninstuo.isu

AddRemove-WChat - e:\westwood\WWONLINE\UNINSTWC.EXE

AddRemove-WinDAC32 - c:\progra~1\WinDAC32\uninst.exe

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82266120]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf9b6cfc3

\Driver\ACPI -> ACPI.sys @ 0xf9adfcb8

\Driver\atapi -> 0x82266120

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf99a5bc3

PacketIndicateHandler -> NDIS.sys @ 0xf99b1b21

SendHandler -> NDIS.sys @ 0xf99a5d33

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1176)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

- - - - - - - > 'lsass.exe'(1240)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(740)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\devldr32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Cisco Systems\VPN client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\System32\nvsvc32.exe

c:\program files\PivX\Qwik-Fix\qfloadsvc.exe

c:\windows\System32\ScsiAccess.EXE

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-07-12 20:07:28 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-13 00:07

Pre-Run: 31,402,577,920 bytes free

Post-Run: 33,482,121,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 9E0E154876F30B4CF96DBF980C386710

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bruce at 20:11:27.68 on Mon 07/12/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.46 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\PackethSvc.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\system32\CSHelper.exe

c:\Program Files\Cisco Systems\VPN client\cvpnd.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PivX\Qwik-Fix\qfloadsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Bruce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.dellnet.com

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: : {02dca195-602b-4b1f-83ff-381b7e804bdb} - c:\windows\system32\HDBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - PCTools Site Guard

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll

TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

uPolicies-explorer: <NO NAME> =

IE: Coupons - file://c:\program files\couponsandoffers\system\temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\xi\nettransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\xi\nettransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {44EFB53C-C965-43CF-9F45-52242D134187}

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\aim\aim.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\patrick\messenger\yhexbmes0411.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268711596765

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268711561421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37273.4871412037

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - hxxp://fdl.msn.com/public/chat/msnchat4.cab

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\xcrtem9u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\documents and settings\bruce\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 Asapi;ASAPI;c:\windows\system32\drivers\asapi.sys [2003-4-20 10240]

R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2003-4-20 61440]

R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2003-4-20 9728]

R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-4-20 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2002-1-7 196096]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-12-20 266240]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]

R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2002-1-7 64512]

R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [2004-10-17 26048]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2000-10-3 6942]

R3 st3tgbus;st3tgbus;c:\windows\system32\drivers\st3tgbus.sys [2003-3-12 8640]

R3 st3tiger;st3tiger;c:\windows\system32\drivers\st3tiger.sys [2003-3-12 99168]

S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]

S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2002-1-7 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

S3 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-8-6 28672]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-3 280344]

=============== Created Last 30 ================

2010-07-12 23:56:20 73 ----a-w- c:\windows\system32\ssprs.dll

2010-07-12 23:56:19 14 ----a-w- c:\windows\system32\tmpPrst.tgz

2010-07-12 23:56:19 0 ----a-w- c:\windows\system32\tmpPrst.dll

2010-07-12 23:56:19 0 ----a-w- c:\windows\system32\lsprst7.dll

2010-07-12 17:04:40 360448 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 16:55:07 0 d-sha-r- C:\cmdcons

2010-07-12 16:47:34 77312 ----a-w- c:\windows\MBR.exe

2010-07-12 16:47:34 256512 ----a-w- c:\windows\PEV.exe

2010-07-12 16:47:34 161792 ----a-w- c:\windows\SWREG.exe

2010-07-12 16:47:33 98816 ----a-w- c:\windows\sed.exe

2010-07-12 02:08:02 0 d-----w- c:\docume~1\alluse~1\applic~1\RegSERVO

2010-07-12 02:07:47 0 d-----w- c:\program files\RegSERVO

2010-07-11 19:51:31 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-11 19:49:50 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard

2010-07-11 19:29:22 0 d-----w- c:\program files\common files\iS3

2010-07-11 19:29:03 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-07-11 13:59:38 0 d-----w- c:\program files\trend micro

2010-07-10 21:49:38 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-07-10 21:49:38 1652688 ----a-w- c:\windows\PCTBDCore.dll.old

2010-07-10 21:46:44 0 d-----w- c:\program files\Spyware Doctor

2010-07-10 18:12:01 0 ----a-w- c:\documents and settings\bruce\defogger_reenable

2010-07-10 17:00:22 0 d-----w- c:\docume~1\bruce\applic~1\Malwarebytes

2010-07-10 16:59:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-10 16:59:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-01 17:33:19 0 d-----w- c:\program files\AVG

==================== Find3M ====================

2004-04-14 09:45:14 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39:00 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17:33 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07:51 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50:24 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02:26 55467 ----a-w- c:\program files\FastTune.exe

2002-08-01 00:55:12 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56:06 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

2004-05-13 19:53:07 71 --sha-w- c:\windows\system32\SYSDRVWC.SYS

============= FINISH: 20:12:31.95 ===============

attach.zip


  • Staff
I just want to make sure it was ok to run combofix in safe mode.
Yes, that's fine; however, it's showing severe infections. We have to work quickly to remove them all.

Please disconnect this computer entirely from the Internet for the duration of the fix, so malware cannot regenerate. Transfer necessary tools from a known clean computer when requested.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.


First, I would like to thank you for all the time you have spent helping me to resolve this problem. It is greatly appreciated.

I got a message stating "combofix has detected the presence of rootkit activity and needs to reload the machine." After that it rebooted and Windows started loading, then it bluescreened, and rebooted again and asked if I wanted to start in recovery mode, which I let time out. Then it went to the screen where you can choose to start in safe mode or normal mode, where I let it time out, and it started Windows, which then bluescreened again. I let the cycle continue for a while, then told it to start in safe mode. I logged into Administrator, then ComboFix backed up my registry. It did not change my clock format, but finished all the stages successfully.

ComboFix 10-07-15.05 - Administrator 07/16/2010 22:47:52.4.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.108 [GMT -4:00]

Running from: H:\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\tmpPrst.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))

.

2010-07-16 17:40 . 2010-07-16 17:40 -------- d-----w- c:\documents and settings\Administrator.HAL\Local Settings\Application Data\Mozilla

2010-07-12 17:04 . 2006-01-13 17:07 360448 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 02:08 . 2010-07-12 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO

2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\RegSERVO

2010-07-11 19:49 . 2010-07-11 19:49 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33 . 2010-07-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-07-11 19:29 . 2010-07-11 19:29 -------- d-----w- c:\program files\Common Files\iS3

2010-07-11 19:29 . 2010-07-12 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-07-11 13:59 . 2010-07-11 23:01 -------- d-----w- c:\program files\trend micro

2010-07-11 13:59 . 2010-07-11 13:59 -------- d-----w- C:\rsit

2010-07-11 13:48 . 2010-07-11 13:48 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Malwarebytes

2010-07-10 23:51 . 2010-07-10 23:51 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Threat Expert

2010-07-10 22:08 . 2010-07-10 22:08 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Threat Expert

2010-07-10 21:46 . 2010-07-11 00:21 -------- d-----w- c:\program files\Spyware Doctor

2010-07-10 21:46 . 2010-07-11 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-10 17:18 . 2010-07-10 17:18 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Malwarebytes

2010-07-10 17:00 . 2010-07-10 17:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59 . 2010-07-11 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59 . 2010-07-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-01 17:33 . 2010-07-01 17:40 -------- d-----w- c:\program files\AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-12 12:41 . 2009-10-19 15:07 0 ----a-r- c:\windows\win32k.sys

2010-07-11 19:52 . 2010-07-11 19:51 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-11 13:12 . 2010-07-11 13:12 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcp71.dll

2010-07-11 13:12 . 2010-07-11 13:11 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\jmc.dll

2010-07-11 13:11 . 2010-07-11 13:11 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcr71.dll

2010-07-11 13:11 . 2010-07-11 13:11 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-sse.dll

2010-07-11 13:11 . 2010-07-11 13:11 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-d3d.dll

2010-07-10 23:46 . 2003-02-19 02:56 104584 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-10 18:03 . 2002-11-12 03:57 -------- d-----w- c:\program files\McAfee

2010-07-10 15:12 . 2002-01-12 23:56 104584 -c--a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 22:41 . 2010-06-28 22:41 503808 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcp71.dll

2010-06-28 22:41 . 2010-06-28 22:41 499712 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\jmc.dll

2010-06-28 22:41 . 2010-06-28 22:41 348160 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcr71.dll

2010-06-28 22:41 . 2010-06-28 22:41 61440 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-sse.dll

2010-06-28 22:41 . 2010-06-28 22:41 12800 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-d3d.dll

2010-06-17 18:22 . 2010-06-17 18:22 53248 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\IeEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 188416 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\MozEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 110592 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\jdic.dll

2010-05-27 15:17 . 2010-05-27 15:17 666112 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll

2010-05-24 22:38 . 2010-05-24 22:38 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcp71.dll

2010-05-24 22:38 . 2010-05-24 22:38 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\jmc.dll

2010-05-24 22:38 . 2010-05-24 22:38 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcr71.dll

2010-05-24 22:38 . 2010-05-24 22:38 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-sse.dll

2010-05-24 22:38 . 2010-05-24 22:38 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-d3d.dll

2010-05-04 01:55 . 2009-03-12 16:15 813872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2004-04-14 09:45 . 2004-07-28 14:41 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39 . 2002-02-23 18:38 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17 . 2002-02-17 09:17 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07 . 2002-01-31 00:06 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50 . 2002-01-12 02:38 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02 . 2002-01-12 01:39 55467 ----a-w- c:\program files\FastTune.exe

2010-02-12 16:30 . 2010-02-12 16:30 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2007-01-03 11:09 . 2007-05-19 15:05 214616 ----a-w- c:\program files\mozilla firefox\components\FFHook.dll

2010-02-12 16:30 . 2010-02-12 16:30 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

2002-08-01 00:55 . 2006-02-05 14:25 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56 . 2004-12-10 14:04 12208 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2004-05-13 19:53 . 2004-05-12 22:51 71 --sha-w- c:\windows\SYSTEM32\SYSDRVWC.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Patrick\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 6.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

backup=c:\windows\pss\BOINC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

backup=c:\windows\pss\Fidelity CorpRAS VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

backup=c:\windows\pss\First Coast News NOW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

backup=c:\windows\pss\ItsDeductible7PopUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

backup=c:\windows\pss\KeenValue.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

backup=c:\windows\pss\ZoneAlarm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

?????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

?????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

BridgeDeCor.exe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couponsandoffers]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

2001-03-28 07:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\aim\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2004-04-07 16:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-08-30 20:05 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-08-02 17:33 368720 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

2004-06-05 03:12 375296 ----a-w- c:\program files\BoincLogX\boinclogx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2003-03-12 23:41 77824 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

2001-09-23 13:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2003-12-04 07:50 271360 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2002-02-04 23:58 487424 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

2002-08-14 20:09 505217 ----a-w- c:\progra~1\INSTAN~2\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 14:39 98304 ----a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

2002-06-13 19:01 49152 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

2003-06-24 16:09 568096 ----a-w- c:\program files\Netscape\Netscape 6\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2003-07-11 18:57 4182016 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

2001-08-09 19:51 135168 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-10-06 18:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

2003-06-16 19:14 266240 ----a-w- c:\windows\SYSTEM32\PD6000SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

2004-05-07 20:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

2004-12-07 07:50 1372160 ----a-w- c:\program files\PivX\Qwik-Fix\qfui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

2003-07-15 16:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2003-10-23 00:15 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

2003-03-24 00:33 369664 ----a-w- c:\program files\Log9x\log9x.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2005-05-22 01:08 1241088 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-03 11:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2002-07-15 17:48 1544192 -c--a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2002-11-28 22:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-12-08 18:55 3096576 ----a-w- c:\patrick\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2004-10-01 23:03 475136 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\aim\\aim.exe"=

"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=

"c:\\Patrick\\Messenger\\YPager.exe"=

"c:\\Patrick\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\DVD\\utorrent.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\SBWIZARD\\SBWIZARD.EXE"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Sun\\Java\\Deployment\\cache\\javaws\\http\\Dbaliweb.etrade.com\\P80\\DMbalicli_alt1\\RNjdic-windows.jar\\IeEmbed.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]

R1 cdrdrv;cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [4/20/2003 11:21 AM 61440]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [4/20/2003 11:21 AM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [4/20/2003 11:21 AM 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\SYSTEM32\AgentCD.sys [1/7/2002 10:21 AM 196096]

R2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [12/20/2009 1:14 PM 266240]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 8:00 AM 14336]

R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [1/7/2002 10:23 AM 64512]

R3 Dvd43;Dvd43;c:\windows\SYSTEM32\DRIVERS\Dvd43.sys [10/17/2004 9:04 PM 26048]

R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]

R3 st3tgbus;st3tgbus;c:\windows\SYSTEM32\DRIVERS\st3tgbus.sys [3/12/2003 7:37 PM 8640]

R3 st3tiger;st3tiger;c:\windows\SYSTEM32\DRIVERS\st3tiger.sys [3/12/2003 7:38 PM 99168]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:59 AM 135664]

S2 Mojave;Dazzle Mojave Device;c:\windows\SYSTEM32\DRIVERS\Mojave.sys [1/7/2002 10:21 AM 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

S3 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/6/2001 3:41 PM 28672]

.

Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:58]

2010-07-15 c:\windows\Tasks\RegSERVO.job

- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-07-17 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-01-07 13:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dellnet.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Coupons - file://c:\program files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

FF - ProfilePath - c:\documents and settings\Administrator.HAL\Application Data\Mozilla\Firefox\Profiles\zoanf2df.default\

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8273FD20]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf9b6cfc3

\Driver\ACPI -> ACPI.sys @ 0xf9adfcb8

\Driver\atapi -> 0x8273fd20

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf99a5bc3

PacketIndicateHandler -> NDIS.sys @ 0xf9993a0b

SendHandler -> NDIS.sys @ 0xf99a7b31

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

- - - - - - - > 'lsass.exe'(1224)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(2280)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Cisco Systems\VPN client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\System32\nvsvc32.exe

c:\program files\PivX\Qwik-Fix\qfloadsvc.exe

c:\windows\System32\ScsiAccess.EXE

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\devldr32.exe

.

**************************************************************************

.

Completion time: 2010-07-16 23:31:50 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-17 03:31

Pre-Run: 33,771,327,488 bytes free

Post-Run: 33,513,787,392 bytes free

- - End Of File - - 8F1A9E4CD3E726FE1378033832FB6F0A

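The two findings in the ComboFix log above that explain the symptoms reported at the top of the thread are the WinINet proxy setting (`uInternet Settings,ProxyServer = http=127.0.0.1:5643`, a per-scheme proxy that only captures plain HTTP, which is why https sites still loaded) and the two boot-start drivers whose image could not be verified (`szkg5`, `szkgfs`, marked `[?]`). The following triage script is an added example written for this page, not code from the thread, from ComboFix or from Malwarebytes. It assumes the line shapes seen in the log above; the reading of the `[?]` and `[x]` markers is an interpretation of the log and is labelled as such in the comments. The sample input is constructed from a handful of lines in the shape of the log.

```python
"""Triage a ComboFix-style log for a localhost proxy and unverifiable services.

Added example for this thread (not ComboFix or Malwarebytes code). It only
understands the line shapes visible in the log above.
"""
import re
from typing import Dict, List

# Constructed sample: a few lines in the shape of the ComboFix log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
LSP: connwsp.dll
R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 NokiaSuite3;NokiaSuite3; [x]
Warning: possible MBR rootkit infection !
"""

# 'u' = per-user (HKCU) setting, 'm' = machine-wide (HKLM), as ComboFix prefixes them.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
# Service/driver lines: "<start-type> <name>;<display name>;<image path ...>"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def parse_proxy(value: str) -> Dict[str, str]:
    """Parse a WinINet ProxyServer value into {scheme: 'host:port'}.

    Two shapes exist: 'host:port' (one proxy for every scheme, keyed '*') and
    'http=host:port;https=host:port;...' (per-scheme proxies). In the second
    shape a scheme that is not listed is NOT proxied at all.
    """
    value = value.strip()
    if not value:
        return {}
    if "=" not in value:
        return {"*": value}
    out: Dict[str, str] = {}
    for part in value.split(";"):
        if "=" in part:
            scheme, _, endpoint = part.partition("=")
            out[scheme.strip().lower()] = endpoint.strip()
    return out


def is_loopback(endpoint: str) -> bool:
    """True when the proxy endpoint points back at the local machine."""
    host = endpoint.rsplit(":", 1)[0].lower() if ":" in endpoint else endpoint.lower()
    return host.startswith("127.") or host in ("localhost", "[::1]")


def proxy_findings(log: str) -> List[str]:
    """Report every scheme whose proxy is a loopback endpoint."""
    findings = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for scheme, endpoint in parse_proxy(m.group(1)).items():
            if is_loopback(endpoint):
                findings.append(f"{scheme} traffic proxied to local endpoint {endpoint}")
    return findings


def service_findings(log: str) -> List[dict]:
    """Flag service/driver lines whose image ComboFix could not account for.

    Interpretation of the log (assumption): a trailing '[?]' replaces the usual
    timestamp/size, meaning the image could not be verified; '[x]' marks an
    entry with no image path recorded. S0 is a boot-start driver.
    """
    flagged = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, _display, rest = m.groups()
        if rest.endswith("[?]"):
            reason = "image path could not be verified"
        elif rest.endswith("[x]"):
            reason = "no image path recorded"
        else:
            continue
        flagged.append({"start": start, "name": name, "reason": reason,
                        "boot_start": start == "S0"})
    return flagged


def triage(log: str) -> dict:
    """Collect the three indicators a reviewer would look at first."""
    return {
        "proxy": proxy_findings(log),
        "services": service_findings(log),
        "mbr_warning": any("possible MBR rootkit infection" in l for l in log.splitlines()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real log, the `proxy` list is what to check first when a browser reports "the proxy server is refusing connections" while https still works: a proxy entry for `http` only, pointing at 127.0.0.1, matches that pattern exactly. Boot-start entries with an unverifiable image are the ones to cross-check against the driver list in the Supplementary Scan before deciding what to remove.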

  • Staff

Hi,

Read through this to make sure you understand everything before proceeding; you won't be able to access the Internet for a bit, so I recommend printing this out.

Restart your computer, but boot to the Recovery Console instead of Windows.

Access your partition by typing 1 or whatever option is given.

At the command prompt, type this in:

FIXMBR

Press Enter.

When that completes, type Exit, press Enter, and boot back into Windows.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=56942
Driver::
szkg5
szkgfs
Suspect::
c:\program files\newview1.exe
c:\program files\tif.reg
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couponsandoffers]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
KILLALL::

Save this as CFScript.txt

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

-screen317

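The CFScript above targets two boot-start drivers (szkg5 and szkgfs), and the evidence for them, and for the browser proxy problem, sits in ComboFix's own log format. As an added example for this thread (not part of ComboFix or of the forum's tooling), here is a small Python triage script that reads lines in that format and flags the entries a helper looks at first: a ProxyServer setting pointing at the loopback address, drivers and services whose image ComboFix marked [?] or [x] (boot-start group 0 rated highest), and Winsock LSP modules. The sample lines are copied from the ComboFix logs posted in this thread; the finding names, severities and regular expressions are this script's own assumptions.

```python
"""Triage a ComboFix-style log for a few indicators discussed in this thread.

Added example, not part of ComboFix or of the forum's tooling. Sample lines
are copied from the thread's logs; finding names and severities are assumed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines in the format ComboFix prints, copied from the
# thread's logs. Raw strings keep the Windows backslashes literal.
SAMPLE_LOG_LINES = [
    r"uStart Page = hxxp://cnn.com/",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5643",
    r"uInternet Settings,ProxyOverride = <local>",
    r"LSP: connwsp.dll",
    r"R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]",
    r"S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]",
    r"S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]",
    r"S2 NokiaSuite3;NokiaSuite3; [x]",
]

# u = current-user hive, m = machine hive, as ComboFix prefixes them.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
# "<R|S><start group> <service name>;<display name>;<image path and details>"
SERVICE_RE = re.compile(r"^(?P<type>[RS])(?P<group>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
LSP_RE = re.compile(r"^LSP:\s*(?P<module>\S+)")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (this script's own scale)
    kind: str
    detail: str


def parse_proxy_value(value):
    """Split a WinINet ProxyServer value into {scheme: "host:port"}.

    A bare "host:port" applies to every scheme and is stored under "*".
    "http=h:p;https=h:p" lists a proxy per scheme; schemes not listed
    connect directly, so an http= only entry leaves HTTPS untouched.
    """
    table = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", part
        table[scheme.lower()] = hostport
    return table


def is_loopback(hostport):
    """True when the proxy host is the local machine (127/8, ::1 or localhost)."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(lines):
    """Return the Findings for an iterable of log lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            table = parse_proxy_value(m.group("value"))
            for scheme, hostport in table.items():
                if is_loopback(hostport):
                    findings.append(Finding(
                        "high", "loopback-proxy",
                        f"{scheme} traffic goes through {hostport}; only "
                        f"{sorted(table)} is proxied, other schemes connect directly"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            # ComboFix marks drivers/services it could not resolve to a
            # verified image file with [?] or [x]; both are treated alike here.
            # Start group 0 is boot-start, so it is rated highest.
            if rest.endswith("[?]") or rest.endswith("[x]"):
                severity = "high" if m.group("group") == "0" else "medium"
                findings.append(Finding(
                    severity, "unverified-service-image",
                    f"{m.group('name')} (group {m.group('group')}): {rest}"))
            continue
        m = LSP_RE.match(line)
        if m:
            findings.append(Finding("info", "lsp", m.group("module")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run as-is it prints the findings for the sample; for a real log, pass `open(path).read().splitlines()` to `triage()`. The loopback-proxy check reports which schemes the entry covers, because a per-scheme `http=` value proxies only HTTP while HTTPS connections bypass it, which is the pattern to look for when plain web pages fail but secure sites load.
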

Hello,

When trying to reboot into the recovery console, I get an error message that says the file "AIC78U2.SY_" is corrupted.

When trying to install the recovery console from windows cd (http://support.microsoft.com/kb/307654), I get the error message "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD." which makes sense because the OEM XP cd does not have SP1 or SP2. So I go to http://support.microsoft.com/kb/898594/ to integrate SP2 and make a recovery console and I get an error that states "wmiprvsd.dl_" is corrupted.

Then I remember that combofix has an option to manually install recovery console, so I download the SP2 option (http://support.microsoft.com/kb/310994) and drag the windowsxp-kb310994-sp2-hom-bootdisk-enu.exe onto the combofix.exe icon on my desktop and get the "combofix is preparing to run," thinking it's installing the recovery console, which it didn't. It just ran combofix. I didn't get to use the CFScript option on that one. After it ran and cleaned up and logged, I restarted my computer and still couldn't get into recovery console, so I reset again and booted from windows cd and hit R to repair (http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/) and ran FIXMBR, but it said my MBR is different and that it could potentially mess it up and never run again if I tried to fix it (which I thought could be because I'm trying to repair a SP2 MBR with a SP0 windows install CD), so I hit no when it asked me to continue.

Let me know if it's OK to run FIXMBR on a SP2 MBR from the SP0 cd, and I will, I just didn't want to break anything further.

I still have yet to run the CFScript.txt in combofix.

Thanks

Anyway, here is my combofix.txt (again, not the one with the CFScript, as I couldn't do the FIXMBR).

ComboFix 10-07-16.02 - Bruce 07/19/2010 18:52:39.9.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.96 [GMT -4:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bruce\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\tmpPrst.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))

.

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPSP2

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPCD

2010-07-16 17:40 . 2010-07-16 17:40 -------- d-----w- c:\documents and settings\Administrator.HAL\Local Settings\Application Data\Mozilla

2010-07-12 17:04 . 2006-01-13 17:07 360448 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 02:08 . 2010-07-12 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO

2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\RegSERVO

2010-07-11 19:49 . 2010-07-11 19:49 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33 . 2010-07-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-07-11 19:29 . 2010-07-11 19:29 -------- d-----w- c:\program files\Common Files\iS3

2010-07-11 19:29 . 2010-07-12 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-07-11 13:59 . 2010-07-11 23:01 -------- d-----w- c:\program files\trend micro

2010-07-11 13:59 . 2010-07-11 13:59 -------- d-----w- C:\rsit

2010-07-11 13:48 . 2010-07-11 13:48 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Malwarebytes

2010-07-10 23:51 . 2010-07-10 23:51 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Threat Expert

2010-07-10 22:08 . 2010-07-10 22:08 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Threat Expert

2010-07-10 21:46 . 2010-07-11 00:21 -------- d-----w- c:\program files\Spyware Doctor

2010-07-10 21:46 . 2010-07-11 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-10 17:18 . 2010-07-10 17:18 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Malwarebytes

2010-07-10 17:00 . 2010-07-10 17:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59 . 2010-07-11 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59 . 2010-07-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-01 17:33 . 2010-07-01 17:40 -------- d-----w- c:\program files\AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-19 23:23 . 2010-07-19 23:23 73 ----a-w- c:\windows\system32\ssprs.dll

2010-07-19 23:23 . 2010-07-19 23:23 0 ----a-w- c:\windows\system32\tmpPrst.dll

2010-07-12 12:41 . 2009-10-19 15:07 0 ----a-r- c:\windows\win32k.sys

2010-07-11 19:52 . 2010-07-11 19:51 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-11 13:12 . 2010-07-11 13:12 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcp71.dll

2010-07-11 13:12 . 2010-07-11 13:11 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\jmc.dll

2010-07-11 13:11 . 2010-07-11 13:11 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcr71.dll

2010-07-11 13:11 . 2010-07-11 13:11 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-sse.dll

2010-07-11 13:11 . 2010-07-11 13:11 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-d3d.dll

2010-07-10 23:46 . 2003-02-19 02:56 104584 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-10 18:03 . 2002-11-12 03:57 -------- d-----w- c:\program files\McAfee

2010-07-10 15:12 . 2002-01-12 23:56 104584 -c--a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 22:41 . 2010-06-28 22:41 503808 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcp71.dll

2010-06-28 22:41 . 2010-06-28 22:41 499712 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\jmc.dll

2010-06-28 22:41 . 2010-06-28 22:41 348160 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcr71.dll

2010-06-28 22:41 . 2010-06-28 22:41 61440 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-sse.dll

2010-06-28 22:41 . 2010-06-28 22:41 12800 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-d3d.dll

2010-06-17 18:22 . 2010-06-17 18:22 53248 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\IeEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 188416 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\MozEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 110592 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\jdic.dll

2010-05-27 15:17 . 2010-05-27 15:17 666112 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll

2010-05-24 22:38 . 2010-05-24 22:38 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcp71.dll

2010-05-24 22:38 . 2010-05-24 22:38 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\jmc.dll

2010-05-24 22:38 . 2010-05-24 22:38 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcr71.dll

2010-05-24 22:38 . 2010-05-24 22:38 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-sse.dll

2010-05-24 22:38 . 2010-05-24 22:38 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-d3d.dll

2010-05-04 01:55 . 2009-03-12 16:15 813872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2004-04-14 09:45 . 2004-07-28 14:41 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39 . 2002-02-23 18:38 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17 . 2002-02-17 09:17 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07 . 2002-01-31 00:06 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50 . 2002-01-12 02:38 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02 . 2002-01-12 01:39 55467 ----a-w- c:\program files\FastTune.exe

2010-02-12 16:30 . 2010-02-12 16:30 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2007-01-03 11:09 . 2007-05-19 15:05 214616 ----a-w- c:\program files\mozilla firefox\components\FFHook.dll

2010-02-12 16:30 . 2010-02-12 16:30 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

2002-08-01 00:55 . 2006-02-05 14:25 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56 . 2004-12-10 14:04 12208 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2004-05-13 19:53 . 2004-05-12 22:51 71 --sha-w- c:\windows\SYSTEM32\SYSDRVWC.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Patrick\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 6.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

backup=c:\windows\pss\BOINC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

backup=c:\windows\pss\Fidelity CorpRAS VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

backup=c:\windows\pss\First Coast News NOW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

backup=c:\windows\pss\ItsDeductible7PopUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

backup=c:\windows\pss\KeenValue.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

backup=c:\windows\pss\ZoneAlarm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

?????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

?????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

BridgeDeCor.exe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\couponsandoffers]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

2001-03-28 07:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\aim\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2004-04-07 16:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-08-30 20:05 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-08-02 17:33 368720 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

2004-06-05 03:12 375296 ----a-w- c:\program files\BoincLogX\boinclogx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2003-03-12 23:41 77824 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

2001-09-23 13:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2003-12-04 07:50 271360 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2002-02-04 23:58 487424 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

2002-08-14 20:09 505217 ----a-w- c:\progra~1\INSTAN~2\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 14:39 98304 ----a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

2002-06-13 19:01 49152 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

2003-06-24 16:09 568096 ----a-w- c:\program files\Netscape\Netscape 6\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2003-07-11 18:57 4182016 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

2001-08-09 19:51 135168 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-10-06 18:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

2003-06-16 19:14 266240 ----a-w- c:\windows\SYSTEM32\PD6000SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

2004-05-07 20:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

2004-12-07 07:50 1372160 ----a-w- c:\program files\PivX\Qwik-Fix\qfui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

2003-07-15 16:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2003-10-23 00:15 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

2003-03-24 00:33 369664 ----a-w- c:\program files\Log9x\log9x.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2005-05-22 01:08 1241088 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-03 11:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2002-07-15 17:48 1544192 -c--a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2002-11-28 22:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-12-08 18:55 3096576 ----a-w- c:\patrick\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2004-10-01 23:03 475136 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\aim\\aim.exe"=

"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=

"c:\\Patrick\\Messenger\\YPager.exe"=

"c:\\Patrick\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\DVD\\utorrent.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\SBWIZARD\\SBWIZARD.EXE"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Sun\\Java\\Deployment\\cache\\javaws\\http\\Dbaliweb.etrade.com\\P80\\DMbalicli_alt1\\RNjdic-windows.jar\\IeEmbed.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]

R1 cdrdrv;cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [4/20/2003 11:21 AM 61440]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [4/20/2003 11:21 AM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [4/20/2003 11:21 AM 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\SYSTEM32\AgentCD.sys [1/7/2002 10:21 AM 196096]

R2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [12/20/2009 1:14 PM 266240]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 8:00 AM 14336]

R3 Dvd43;Dvd43;c:\windows\SYSTEM32\DRIVERS\Dvd43.sys [10/17/2004 9:04 PM 26048]

R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]

R3 st3tgbus;st3tgbus;c:\windows\SYSTEM32\DRIVERS\st3tgbus.sys [3/12/2003 7:37 PM 8640]

R3 st3tiger;st3tiger;c:\windows\SYSTEM32\DRIVERS\st3tiger.sys [3/12/2003 7:38 PM 99168]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:59 AM 135664]

S2 Mojave;Dazzle Mojave Device;c:\windows\SYSTEM32\DRIVERS\Mojave.sys [1/7/2002 10:21 AM 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

.

Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:58]

2010-07-18 c:\windows\Tasks\RegSERVO.job

- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-07-19 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-01-07 13:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dellnet.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Coupons - file://c:\program files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\xcrtem9u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\documents and settings\Bruce\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82A75010]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf9b6cfc3

\Driver\ACPI -> ACPI.sys @ 0xf9adfcb8

\Driver\atapi -> 0x82a75010

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf99a5bc3

PacketIndicateHandler -> NDIS.sys @ 0xf9993a0b

SendHandler -> NDIS.sys @ 0xf99a7b31

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

- - - - - - - > 'lsass.exe'(1224)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(3240)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\devldr32.exe

c:\windows\system32\PackethSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Cisco Systems\VPN client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\System32\nvsvc32.exe

c:\program files\PivX\Qwik-Fix\qfloadsvc.exe

c:\windows\System32\ScsiAccess.EXE

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-07-19 19:35:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-19 23:35

ComboFix2.txt 2010-07-17 16:46

ComboFix3.txt 2010-07-17 15:44

ComboFix4.txt 2010-07-17 14:42

ComboFix5.txt 2010-07-19 22:36

Pre-Run: 33,269,428,224 bytes free

Post-Run: 33,003,413,504 bytes free

- - End Of File - - 310ED9799F93C18739BD9FB72F14B492


I ran the CFScript.txt on combofix, but I didn't get the message for the internet files.

ComboFix will still not boot into regular Windows XP to delete rootkits; I'm getting a bluescreen before the login screen that says "DRIVER_IRQL_NOT_LESS_OR_EQUAL".

It seems to work fine in safe mode, other than after booting it didn't do the internet message...

Here is the log:

ComboFix 10-07-16.02 - Bruce 07/21/2010 18:35:49.10.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.97 [GMT -4:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bruce\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\tmpPrst.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Legacy_SZKG5

-------\Legacy_SZKGFS

-------\Service_Iprip

-------\Service_szkg5

-------\Service_szkgfs

((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))

.

2010-07-19 23:58 . 2004-08-04 07:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-07-19 23:58 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-07-19 23:58 . 2001-08-18 02:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-07-19 23:58 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-07-19 23:58 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-07-19 23:56 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-07-19 23:55 . 2001-08-18 02:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2010-07-19 23:54 . 2004-08-04 05:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys

2010-07-19 23:53 . 2002-08-29 05:59 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys

2010-07-19 23:52 . 2004-08-04 06:09 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2010-07-19 23:51 . 2001-08-18 12:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll

2010-07-19 23:50 . 2001-08-18 02:36 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll

2010-07-19 23:49 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2010-07-19 23:48 . 2001-08-18 12:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe

2010-07-19 23:47 . 2004-08-04 06:09 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys

2010-07-19 23:46 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPSP2

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPCD

2010-07-16 17:40 . 2010-07-16 17:40 -------- d-----w- c:\documents and settings\Administrator.HAL\Local Settings\Application Data\Mozilla

2010-07-12 17:04 . 2006-01-13 17:07 360448 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 17:04 . 2006-01-13 17:07 360448 ----a-w- c:\windows\system32\dllcache\tcpip.sys

2010-07-12 02:08 . 2010-07-12 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO

2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\RegSERVO

2010-07-11 19:49 . 2010-07-11 19:49 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33 . 2010-07-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-07-11 19:29 . 2010-07-11 19:29 -------- d-----w- c:\program files\Common Files\iS3

2010-07-11 19:29 . 2010-07-12 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-07-11 13:59 . 2010-07-11 23:01 -------- d-----w- c:\program files\trend micro

2010-07-11 13:59 . 2010-07-11 13:59 -------- d-----w- C:\rsit

2010-07-11 13:48 . 2010-07-11 13:48 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Malwarebytes

2010-07-10 23:51 . 2010-07-10 23:51 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Threat Expert

2010-07-10 22:08 . 2010-07-10 22:08 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Threat Expert

2010-07-10 21:46 . 2010-07-11 00:21 -------- d-----w- c:\program files\Spyware Doctor

2010-07-10 21:46 . 2010-07-11 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-10 17:18 . 2010-07-10 17:18 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Malwarebytes

2010-07-10 17:00 . 2010-07-10 17:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59 . 2010-07-11 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59 . 2010-07-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-01 17:33 . 2010-07-01 17:40 -------- d-----w- c:\program files\AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 23:06 . 2010-07-21 23:06 73 ----a-w- c:\windows\system32\ssprs.dll

2010-07-21 23:06 . 2010-07-21 23:06 0 ----a-w- c:\windows\system32\tmpPrst.dll

2010-07-21 23:06 . 2010-07-21 23:06 0 ----a-w- c:\windows\system32\lsprst7.dll

2010-07-12 12:41 . 2009-10-19 15:07 0 ----a-r- c:\windows\win32k.sys

2010-07-11 19:52 . 2010-07-11 19:51 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-11 13:12 . 2010-07-11 13:12 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcp71.dll

2010-07-11 13:12 . 2010-07-11 13:11 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\jmc.dll

2010-07-11 13:11 . 2010-07-11 13:11 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcr71.dll

2010-07-11 13:11 . 2010-07-11 13:11 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-sse.dll

2010-07-11 13:11 . 2010-07-11 13:11 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-d3d.dll

2010-07-10 23:46 . 2003-02-19 02:56 104584 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-10 18:03 . 2002-11-12 03:57 -------- d-----w- c:\program files\McAfee

2010-07-10 15:12 . 2002-01-12 23:56 104584 -c--a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 22:41 . 2010-06-28 22:41 503808 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcp71.dll

2010-06-28 22:41 . 2010-06-28 22:41 499712 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\jmc.dll

2010-06-28 22:41 . 2010-06-28 22:41 348160 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcr71.dll

2010-06-28 22:41 . 2010-06-28 22:41 61440 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-sse.dll

2010-06-28 22:41 . 2010-06-28 22:41 12800 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-d3d.dll

2010-06-17 18:22 . 2010-06-17 18:22 53248 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\IeEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 188416 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\MozEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 110592 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\jdic.dll

2010-05-27 15:17 . 2010-05-27 15:17 666112 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll

2010-05-24 22:38 . 2010-05-24 22:38 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcp71.dll

2010-05-24 22:38 . 2010-05-24 22:38 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\jmc.dll

2010-05-24 22:38 . 2010-05-24 22:38 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcr71.dll

2010-05-24 22:38 . 2010-05-24 22:38 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-sse.dll

2010-05-24 22:38 . 2010-05-24 22:38 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-d3d.dll

2010-05-04 01:55 . 2009-03-12 16:15 813872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2004-04-14 09:45 . 2004-07-28 14:41 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39 . 2002-02-23 18:38 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17 . 2002-02-17 09:17 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07 . 2002-01-31 00:06 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50 . 2002-01-12 02:38 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02 . 2002-01-12 01:39 55467 ----a-w- c:\program files\FastTune.exe

2010-02-12 16:30 . 2010-02-12 16:30 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2007-01-03 11:09 . 2007-05-19 15:05 214616 ----a-w- c:\program files\mozilla firefox\components\FFHook.dll

2010-02-12 16:30 . 2010-02-12 16:30 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

2002-08-01 00:55 . 2006-02-05 14:25 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56 . 2004-12-10 14:04 12208 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2004-05-13 19:53 . 2004-05-12 22:51 71 --sha-w- c:\windows\SYSTEM32\SYSDRVWC.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Patrick\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 6.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

backup=c:\windows\pss\BOINC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

backup=c:\windows\pss\Fidelity CorpRAS VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

backup=c:\windows\pss\First Coast News NOW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

backup=c:\windows\pss\ItsDeductible7PopUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

backup=c:\windows\pss\KeenValue.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

backup=c:\windows\pss\ZoneAlarm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

BridgeDeCor.exe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

2001-03-28 07:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\aim\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2004-04-07 16:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-08-30 20:05 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-08-02 17:33 368720 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

2004-06-05 03:12 375296 ----a-w- c:\program files\BoincLogX\boinclogx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2003-03-12 23:41 77824 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

2001-09-23 13:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2003-12-04 07:50 271360 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2002-02-04 23:58 487424 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

2002-08-14 20:09 505217 ----a-w- c:\progra~1\INSTAN~2\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 14:39 98304 ----a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

2002-06-13 19:01 49152 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

2003-06-24 16:09 568096 ----a-w- c:\program files\Netscape\Netscape 6\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2003-07-11 18:57 4182016 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

2001-08-09 19:51 135168 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-10-06 18:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

2003-06-16 19:14 266240 ----a-w- c:\windows\SYSTEM32\PD6000SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

2004-05-07 20:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

2004-12-07 07:50 1372160 ----a-w- c:\program files\PivX\Qwik-Fix\qfui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

2003-07-15 16:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2003-10-23 00:15 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

2003-03-24 00:33 369664 ----a-w- c:\program files\Log9x\log9x.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2005-05-22 01:08 1241088 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-03 11:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2002-07-15 17:48 1544192 -c--a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2002-11-28 22:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-12-08 18:55 3096576 ----a-w- c:\patrick\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2004-10-01 23:03 475136 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\aim\\aim.exe"=

"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=

"c:\\Patrick\\Messenger\\YPager.exe"=

"c:\\Patrick\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\DVD\\utorrent.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\SBWIZARD\\SBWIZARD.EXE"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Sun\\Java\\Deployment\\cache\\javaws\\http\\Dbaliweb.etrade.com\\P80\\DMbalicli_alt1\\RNjdic-windows.jar\\IeEmbed.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]

R1 cdrdrv;cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [4/20/2003 11:21 AM 61440]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [4/20/2003 11:21 AM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [4/20/2003 11:21 AM 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\SYSTEM32\AgentCD.sys [1/7/2002 10:21 AM 196096]

R2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [12/20/2009 1:14 PM 266240]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 8:00 AM 14336]

R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [1/7/2002 10:23 AM 64512]

R3 Dvd43;Dvd43;c:\windows\SYSTEM32\DRIVERS\Dvd43.sys [10/17/2004 9:04 PM 26048]

R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]

R3 st3tgbus;st3tgbus;c:\windows\SYSTEM32\DRIVERS\st3tgbus.sys [3/12/2003 7:37 PM 8640]

R3 st3tiger;st3tiger;c:\windows\SYSTEM32\DRIVERS\st3tiger.sys [3/12/2003 7:38 PM 99168]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:59 AM 135664]

S2 Mojave;Dazzle Mojave Device;c:\windows\SYSTEM32\DRIVERS\Mojave.sys [1/7/2002 10:21 AM 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

S3 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/6/2001 3:41 PM 28672]

.

Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:58]

2010-07-18 c:\windows\Tasks\RegSERVO.job

- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-07-21 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-01-07 13:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dellnet.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Coupons - file://c:\program files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\xcrtem9u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\documents and settings\Bruce\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B08438]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf9b6cfc3

\Driver\ACPI -> ACPI.sys @ 0xf9adfcb8

\Driver\atapi -> 0x82b08438

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876

ParseProcedure -> ntoskrnl.exe @ 0x8057016c

NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf99a5bc3

PacketIndicateHandler -> NDIS.sys @ 0xf9993a0b

SendHandler -> NDIS.sys @ 0xf99a7b31

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

- - - - - - - > 'lsass.exe'(1224)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(2292)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\devldr32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Cisco Systems\VPN client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\System32\nvsvc32.exe

c:\program files\PivX\Qwik-Fix\qfloadsvc.exe

c:\windows\System32\ScsiAccess.EXE

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-07-21 19:18:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-21 23:18

ComboFix2.txt 2010-07-17 16:46

ComboFix3.txt 2010-07-17 15:44

ComboFix4.txt 2010-07-17 14:42

ComboFix5.txt 2010-07-19 22:36

Pre-Run: 32,956,805,120 bytes free

Post-Run: 32,691,384,320 bytes free

- - End Of File - - 16EA5E4950265117C3ED5E0F22DA056E


  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi:

I ran F-Secure and the log is posted below. I am running Internet Explorer version: 6.0.2900.2180.xpsp_sp2_gdr.050301-1519. I never received a message to install ActiveX. I downloaded SecurityCheck from the first link and when I tried to install it I received an error message "The archive is either in unknown format or damaged". I then downloaded from the second link and it installed and ran OK.

Here is the F-Secure Log:

Scanning Report

Thursday, July 22, 2010 11:43:21 - 15:45:08

Computer name: HAL

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ E:\ G:\

6 malware found

Suspicious:W32/Malware!Gemini (virus)

* C:\UNZIPPED\RMJ\RMJ\RMJ.EXE (Not cleaned & Submitted)

Gen:Trojan.Heur.hG0@t9GJLpbiY (virus)

* C:\PROGRAM FILES\SUPPORT.COM\RUNNER.EXE (Renamed & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RADVIDEO\SMACKPLW.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\DVD\UTORRENT.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\INSTALL.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\DADS\XVID112502.EXE (Not cleaned & Submitted)

Statistics

Scanned:

* Files: 118499

* System: 5555

* Not scanned: 23

Actions:

* Disinfected: 0

* Renamed: 1

* Deleted: 0

* Not cleaned: 5

* Submitted: 6

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

* C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL

* C:\WINDOWS\$NTUNINSTALLKB839645$\SHLWAPI.DLL

* C:\WINDOWS\$NTUNINSTALLKB839645$\SXS.DLL

* C:\WINDOWS\$NTUNINSTALLKB839645$\SHELL32.DLL

* C:\WINDOWS\$NTUNINSTALLKB839645$\XPSP2RES.DLL

* C:\PROGRAM FILES\TREND MICRO\STEPHANIE.EXE

* C:\PROGRAM FILES\TREND MICRO\BRUCE.EXE

* C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

* C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\DSADASM.EXE

* C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

* C:\PROGRAM FILES\GAMESPY ARCADE\BANNER.HTML

* C:\PROGRAM FILES\COMMON FILES\IS3\ANTI-SPYWARE\SZSERVER.EXE

* C:\DOCUMENTS AND SETTINGS\BRUCE\LOCAL SETTINGS\TEMP\HSPERFDATA_BRUCE\3896

* C:\DOCUMENTS AND SETTINGS\BRUCE\DESKTOP\RSIT.EXE

* C:\A\A\NEW FOLDER\RSIT.EXE

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Copyright


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 2 Runtime Environment Standard Edition v1.3.1

Java


I uninstalled Combofix and deleted SecurityCheck. I removed the Java programs and installed the latest versions as instructed. I went to Microsoft Update and it said "checking for latest updates". It ran continuously for over an hour. I manually had to download SP3. The machine rebooted and I went back to Microsoft Update and checked for any other updates. Again it ran continuously. I manually downloaded IE8. The install window had "check for updates" selected and I clicked "next". The window said "downloading files" which ran forever and I could see my modem was not downloading anything. I unchecked the "check for updates" box, and IE8 installed. I checked my browsers and had the same problem as in the beginning. IE and Firefox would only connect to secure websites. Netscape worked OK.

I downloaded ComboFix and ran it. Again it said it detected rootkit activity and it rebooted and I had to run it in Safe Mode. After it ran my browsers worked OK. I still think there are deep embedded problems but don't know what to do. Do you think this is a lost cause and I should throw in the towel?


I do not have the original ComboFix.txt from the run immediately after I had the problem with the browsers, but I ran it again shortly after and here is the file.

ComboFix 10-07-24.03 - Bruce 07/25/2010 12:04:28.13.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.90 [GMT -4:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))

.

2010-07-25 14:54 . 2010-07-25 14:54 -------- d-----w- C:\rsit

2010-07-24 18:00 . 2010-07-24 18:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-24 14:15 . 2010-07-24 14:16 -------- dc-h--w- c:\windows\ie8

2010-07-24 13:56 . 2010-07-24 13:56 -------- d-----w- c:\documents and settings\Scout\Local Settings\Application Data\Mozilla

2010-07-24 13:41 . 2010-07-24 13:41 -------- d-sh--w- c:\documents and settings\Scout\PrivacIE

2010-07-24 02:40 . 2010-07-24 02:40 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE

2010-07-24 02:20 . 2010-07-24 02:20 -------- d-sh--w- c:\documents and settings\Guest\IETldCache

2010-07-24 01:16 . 2010-07-24 01:16 -------- d-----w- c:\windows\system32\wbem\Repository

2010-07-24 01:03 . 2010-07-24 01:03 -------- d-----w- c:\documents and settings\Stephanie\IECompatCache

2010-07-24 01:02 . 2010-07-24 01:02 -------- d-sh--w- c:\documents and settings\Stephanie\PrivacIE

2010-07-24 00:58 . 2010-07-24 00:58 -------- d-sh--w- c:\documents and settings\Stephanie\IETldCache

2010-07-24 00:46 . 2010-07-24 00:46 -------- d-sh--w- c:\documents and settings\Bruce\PrivacIE

2010-07-24 00:18 . 2010-07-24 00:18 -------- d-sh--w- c:\documents and settings\Bruce\IETldCache

2010-07-23 21:35 . 2008-04-14 02:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2010-07-23 21:35 . 2008-04-14 04:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2010-07-23 20:39 . 2010-07-23 20:39 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-22 02:41 . 2010-07-22 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-07-19 23:58 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-07-19 23:58 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-07-19 23:58 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-07-19 23:56 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-07-19 23:55 . 2001-08-18 02:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2010-07-19 23:54 . 2004-08-04 05:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys

2010-07-19 23:53 . 2002-08-29 05:59 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys

2010-07-19 23:52 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-07-19 23:51 . 2001-08-18 12:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll

2010-07-19 23:50 . 2001-08-18 02:36 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll

2010-07-19 23:49 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2010-07-19 23:48 . 2001-08-18 12:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe

2010-07-19 23:47 . 2001-08-17 18:01 36096 ----a-w- c:\windows\system32\dllcache\avcaudio.sys

2010-07-19 23:46 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPSP2

2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- C:\XPCD

2010-07-16 17:40 . 2010-07-16 17:40 -------- d-----w- c:\documents and settings\Administrator.HAL\Local Settings\Application Data\Mozilla

2010-07-12 17:04 . 2008-04-14 04:50 361344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-12 02:08 . 2010-07-12 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO

2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\RegSERVO

2010-07-11 19:49 . 2010-07-11 19:49 32768 ---ha-w- C:\SZKGFS.dat

2010-07-11 19:33 . 2010-07-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-07-11 19:29 . 2010-07-11 19:29 -------- d-----w- c:\program files\Common Files\iS3

2010-07-11 19:29 . 2010-07-12 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-07-11 13:59 . 2010-07-11 23:01 -------- d-----w- c:\program files\trend micro

2010-07-11 13:48 . 2010-07-11 13:48 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Malwarebytes

2010-07-11 13:12 . 2010-07-11 13:12 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcp71.dll

2010-07-11 13:11 . 2010-07-11 13:12 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\jmc.dll

2010-07-11 13:11 . 2010-07-11 13:11 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4352a736-n\msvcr71.dll

2010-07-11 13:11 . 2010-07-11 13:11 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-sse.dll

2010-07-11 13:11 . 2010-07-11 13:11 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44bc5cbb-n\decora-d3d.dll

2010-07-10 23:51 . 2010-07-10 23:51 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Threat Expert

2010-07-10 22:08 . 2010-07-10 22:08 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Threat Expert

2010-07-10 21:46 . 2010-07-11 00:21 -------- d-----w- c:\program files\Spyware Doctor

2010-07-10 21:46 . 2010-07-11 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-10 17:18 . 2010-07-10 17:18 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Malwarebytes

2010-07-10 17:00 . 2010-07-10 17:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 16:59 . 2010-07-11 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 16:59 . 2010-07-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 16:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-01 17:33 . 2010-07-01 17:40 -------- d-----w- c:\program files\AVG

2010-06-28 22:41 . 2010-06-28 22:41 503808 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcp71.dll

2010-06-28 22:41 . 2010-06-28 22:41 499712 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\jmc.dll

2010-06-28 22:41 . 2010-06-28 22:41 348160 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e9e0915-n\msvcr71.dll

2010-06-28 22:41 . 2010-06-28 22:41 61440 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-sse.dll

2010-06-28 22:41 . 2010-06-28 22:41 12800 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-22e86675-n\decora-d3d.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-24 13:38 . 2010-07-24 13:38 104968 ----a-w- c:\documents and settings\Scout\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-23 21:47 . 2001-11-15 13:30 81399 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2010-07-23 20:41 . 2005-09-05 16:37 -------- d-----w- c:\program files\Common Files\Java

2010-07-22 19:44 . 2002-04-15 23:30 -------- d-----w- c:\program files\Support.com

2010-07-12 12:41 . 2009-10-19 15:07 0 ----a-r- c:\windows\win32k.sys

2010-07-11 19:52 . 2010-07-11 19:51 688 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-07-10 23:46 . 2003-02-19 02:56 104584 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-10 18:03 . 2002-11-12 03:57 -------- d-----w- c:\program files\McAfee

2010-07-10 15:12 . 2002-01-12 23:56 104584 -c--a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-17 18:22 . 2010-06-17 18:22 53248 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\IeEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 188416 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\MozEmbed.exe

2010-06-17 18:22 . 2010-06-17 18:22 110592 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\cache\6.0\5\7fc1bec5-42066185-n\jdic.dll

2010-05-27 15:17 . 2010-05-27 15:17 666112 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll

2010-05-24 22:38 . 2010-05-24 22:38 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcp71.dll

2010-05-24 22:38 . 2010-05-24 22:38 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\jmc.dll

2010-05-24 22:38 . 2010-05-24 22:38 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-579946ce-n\msvcr71.dll

2010-05-24 22:38 . 2010-05-24 22:38 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-sse.dll

2010-05-24 22:38 . 2010-05-24 22:38 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48af5d8c-n\decora-d3d.dll

2010-05-04 01:55 . 2009-03-12 16:15 813872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2004-04-14 09:45 . 2004-07-28 14:41 172032 ----a-w- c:\program files\PeerGuardian_1.99b_pr14-3.exe

2002-02-23 18:39 . 2002-02-23 18:38 560640 -c--a-w- c:\program files\newview1.exe

2002-02-17 09:17 . 2002-02-17 09:17 8650 -c--a-w- c:\program files\tif.reg

2002-01-31 00:07 . 2002-01-31 00:06 5193728 -c--a-w- c:\program files\RealArcadeATT.exe

1998-06-30 23:50 . 2002-01-12 02:38 139776 ----a-w- c:\program files\Lego Mindstorms.exe

1997-06-16 17:02 . 2002-01-12 01:39 55467 ----a-w- c:\program files\FastTune.exe

2010-02-12 16:30 . 2010-02-12 16:30 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2007-01-03 11:09 . 2007-05-19 15:05 214616 ----a-w- c:\program files\mozilla firefox\components\FFHook.dll

2010-02-12 16:30 . 2010-02-12 16:30 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

2002-08-01 00:55 . 2006-02-05 14:25 106 --sh--w- c:\windows\WSYS049.SYS

2005-05-09 11:56 . 2004-12-10 14:04 12208 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2004-05-13 19:53 . 2004-05-12 22:51 71 --sha-w- c:\windows\SYSTEM32\SYSDRVWC.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Patrick\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Scout\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\

CUseeMe Setup.lnk - c:\windows\SYSTEM32\RunDll32.exe [2001-8-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 6.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 6.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC.lnk]

backup=c:\windows\pss\BOINC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]

backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fidelity CorpRAS VPN Client.lnk]

backup=c:\windows\pss\Fidelity CorpRAS VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^First Coast News NOW.lnk]

backup=c:\windows\pss\First Coast News NOW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ItsDeductible7PopUp.lnk]

backup=c:\windows\pss\ItsDeductible7PopUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]

backup=c:\windows\pss\KeenValue.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]

backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm.lnk]

backup=c:\windows\pss\ZoneAlarm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BridgeDeCor]

BridgeDeCor.exe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

2001-03-28 07:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\aim\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2004-04-07 16:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-08-30 20:05 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-08-02 17:33 368720 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoincLogX]

2004-06-05 03:12 375296 ----a-w- c:\program files\BoincLogX\boinclogx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2003-03-12 23:41 77824 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

2001-09-23 13:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2003-12-04 07:50 271360 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2002-02-04 23:58 487424 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

2002-08-14 20:09 505217 ----a-w- c:\progra~1\INSTAN~2\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 14:39 98304 ----a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

2002-06-13 19:01 49152 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

2003-06-24 16:09 568096 ----a-w- c:\program files\Netscape\Netscape 6\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2003-07-11 18:57 4182016 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

2001-08-09 19:51 135168 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-10-06 18:16 5058560 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD6000StatusMonitor]

2003-06-16 19:14 266240 ----a-w- c:\windows\SYSTEM32\PD6000SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

2004-05-07 20:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwik-Fix User Interface]

2004-12-07 07:50 1372160 ----a-w- c:\program files\PivX\Qwik-Fix\qfui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

2003-07-15 16:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2003-10-23 00:15 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetiLog9x]

2003-03-24 00:33 369664 ----a-w- c:\program files\Log9x\log9x.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2005-05-22 01:08 1241088 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-03 11:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2002-07-15 17:48 1544192 -c--a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2002-11-28 22:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-12-08 18:55 3096576 ----a-w- c:\patrick\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2004-10-01 23:03 475136 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\aim\\aim.exe"=

"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=

"c:\\Patrick\\Messenger\\YPager.exe"=

"c:\\Patrick\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\SBWIZARD\\SBWIZARD.EXE"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Sun\\Java\\Deployment\\cache\\javaws\\http\\Dbaliweb.etrade.com\\P80\\DMbalicli_alt1\\RNjdic-windows.jar\\IeEmbed.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 Asapi;ASAPI;c:\windows\SYSTEM32\DRIVERS\asapi.sys [4/20/2003 11:21 AM 10240]

R1 cdrdrv;cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [4/20/2003 11:21 AM 61440]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [4/20/2003 11:21 AM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [4/20/2003 11:21 AM 178688]

R2 agentcd;DriverAgent Class Driver;c:\windows\SYSTEM32\AgentCD.sys [1/7/2002 10:21 AM 196096]

R3 Dvd43;Dvd43;c:\windows\SYSTEM32\DRIVERS\Dvd43.sys [10/17/2004 9:04 PM 26048]

R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]

R3 st3tgbus;st3tgbus;c:\windows\SYSTEM32\DRIVERS\st3tgbus.sys [3/12/2003 7:37 PM 8640]

R3 st3tiger;st3tiger;c:\windows\SYSTEM32\DRIVERS\st3tiger.sys [3/12/2003 7:38 PM 99168]

S2 Mojave;Dazzle Mojave Device;c:\windows\SYSTEM32\DRIVERS\Mojave.sys [1/7/2002 10:21 AM 119276]

S2 NokiaSuite3;NokiaSuite3; [x]

.

Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacb5631894a6c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:58]

2010-07-25 c:\windows\Tasks\RegSERVO.job

- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-07-25 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-01-07 13:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cnn.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Coupons - file://c:\program files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: connwsp.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: {3BD73E2C-CFFC-4064-8841-7CCBC3AA0569} = 208.67.222.222,208.67.220.220

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\xcrtem9u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\documents and settings\Bruce\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82ED46A8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf9bd0f28

\Driver\ACPI -> ACPI.sys @ 0xf9b43cb8

\Driver\atapi -> 0x82ed46a8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6

NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf9a08bd4

PacketIndicateHandler -> NDIS.sys @ 0xf9a14a21

SendHandler -> NDIS.sys @ 0xf9a08d44

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

- - - - - - - > 'lsass.exe'(1232)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(3404)

c:\windows\system32\msms001.vwp

c:\windows\system32\mvoice.vwp

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\connwsp.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\PackethSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.EXE

c:\windows\system32\CSHelper.exe

c:\program files\Cisco Systems\VPN client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\System32\nvsvc32.exe

c:\program files\PivX\Qwik-Fix\qfloadsvc.exe

c:\windows\System32\ScsiAccess.EXE

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\devldr32.exe

.

**************************************************************************

.

Completion time: 2010-07-25 13:19:38 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-25 17:19

Pre-Run: 32,706,703,360 bytes free

Post-Run: 32,424,321,024 bytes free

- - End Of File - - 549CFCB276CE2D7300364EA20D6882A6

Here is MBRCheck

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> error 1

\\.\E: --> error 1

\\.\G: --> error 1

Done! Press ENTER to exit...


  • Staff

Hi,

I suspect a hidden MBR infection. A new version of ComboFix was released which will detect it if present. I would like to confirm its presence before proceeding.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Ensure that all protection programs are disabled, run it, and post its log. Also post a fresh DDS log.

-screen317


This topic is now closed to further replies.