
H E L P ! HJT Log included


Mel_3


"Infected" popups & redirection from IE 8.

Thanks for any help!

HJT log below...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:06:46 PM, on 9/30/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpv.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Rfofekibehav] rundll32.exe "C:\WINDOWS\utibuvog.dll",Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SmartUI.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.fastestdeploy.com

O15 - Trusted Zone: http://*.fastestdeploy.com (HKLM)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE59C59-FDC2-4F37-B00C-58CB922765A3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A6B7D6-4685-44F7-BBBC-CD647744A0FD}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--

End of file - 6278 bytes


RKUnhooked won't run. Error = Error Loading/opening driver

I'm in safe mode as owner... not administrator. Does that matter?

dds.scr below & attached as instructed.

Thanks for the help.

====

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Owner at 12:33:50.71 on Thu 09/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.303 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\Security\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.netpv.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: Easy-WebPrint: {03c1c47f-0538-4645-8372-d3109b9fc636} - c:\program files\canon\easy-webprint\Toolband.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [Rfofekibehav] rundll32.exe "c:\windows\utibuvog.dll",Startup

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe

uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

TCP: {F8A6B7D6-4685-44F7-BBBC-CD647744A0FD} = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

mASetup: {B0B9B83C-BBFC-49F5-93F4-BC388B073320} - rundll32.exe "c:\documents and settings\owner\application data\bitrix security\hwwkat9.dll", DllUnrer

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {CBF38F34-5F7F-4CB6-9A2A-216874E5E120} - c:\documents and settings\owner\local settings\application data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-15 532224]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-17 335240]

S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-17 27784]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-17 297752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]

S2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\compact wireless-g usb network adapter with speedbooster\WLService.exe [2007-3-18 53307]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-12-5 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2007-12-5 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2007-12-5 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-12-5 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]

=============== Created Last 30 ================

2010-09-29 23:37:53 0 d-----w- c:\program files\Trend Micro

2010-09-29 23:07:44 0 d-----w- c:\program files\CCleaner

2010-09-28 22:36:35 0 ----a-w- c:\windows\system32\19169.exe

2010-09-28 22:16:35 0 ----a-w- c:\windows\system32\26500.exe

2010-09-28 21:56:35 0 ----a-w- c:\windows\system32\6334.exe

2010-09-28 21:36:35 0 ----a-w- c:\windows\system32\18467.exe

2010-09-28 21:01:05 0 ----a-w- c:\windows\system32\ES17.exe

2010-09-28 20:20:57 120 ----a-w- c:\windows\Uxovokelodas.dat

2010-09-28 20:20:57 0 ----a-w- c:\windows\Gpiwohewazuc.bin

2010-09-28 20:19:23 141 ----a-w- c:\docume~1\owner\applic~1\jsdfgs.bat

2010-09-28 20:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

2010-09-28 20:19:06 0 d-----w- c:\docume~1\owner\applic~1\Bitrix Security

2010-09-28 16:06:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-23 20:10:45 0 d-----w- c:\documents and settings\owner\workspace

2010-09-15 13:27:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27:05 0 d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27:03 420800 ----a-w- c:\windows\system32\vsconfig.xml

2010-09-15 13:27:00 0 d-----w- c:\program files\Zone Labs

2010-09-12 15:33:14 854 ----a-w- c:\documents and settings\owner\.recently-used.xbel

2010-09-12 15:32:51 706222 ----a-w- c:\documents and settings\owner\Layers Test.xcf

2010-09-12 15:32:51 0 d-----w- c:\documents and settings\owner\.thumbnails

2010-09-09 20:20:06 0 d-----w- c:\docume~1\owner\applic~1\OpenOffice.org

2010-09-09 19:12:10 0 d-----w- c:\program files\JRE

2010-09-09 19:11:44 0 d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-09 19:11:18 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50:35 0 d-----w- c:\documents and settings\owner\.gimp-2.6

2010-09-09 15:42:20 0 d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29:18 0 d-----w- c:\program files\Paint.NET

2010-09-08 12:00:09 0 d-----w- c:\program files\IKE Software

2010-09-08 12:00:09 0 d-----w- c:\program files\common files\IKE Software

==================== Find3M ====================

2010-09-15 13:28:06 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2008-10-03 16:03:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100320081004\index.dat

============= FINISH: 12:34:54.73 ===============


Here it is.

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3907584 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 81.33 )

0xF5778000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3645440 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xF5D2A000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3497984 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.33 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2066816 bytes

0x804D7000 RAW 2066816 bytes

0x804D7000 WMIxWDM 2066816 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF5B9A000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)

0xF5AF2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xF73D6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xEEE97000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)

0xEEDDA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF5639000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xEEF40000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB99A7000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xEEBAD000 C:\WINDOWS\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xF570A000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 303104 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB920C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB97D7000 C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS 262144 bytes

0xF56D3000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)

0xF5C99000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0xF7551000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9A76000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF73A9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF74AC000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)

0xB8076000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xEEE4A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xEEF18000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xEEDB4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xEBCD9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF5754000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5CF2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF5CCF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xEEE75000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xF748C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7521000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF738F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF74D8000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)

0xF74F1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xEBCC1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF7509000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF7463000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF56A8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB9BE3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF56BF000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF5D16000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x806D0000 ACPI_HAL 81152 bytes

0x806D0000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xEEF99000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF747A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7540000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF5697000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF732F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF78A0000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF78D0000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF78C0000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF78B0000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF7700000 SMPLSCSI.SYS 61440 bytes (OnSpec Electronic, Inc., OnSpec SCSI Miniport Driver)

0xF6B6F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF40EC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF76E0000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)

0xF76B0000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)

0xF7750000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF78E0000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF78F0000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF76A0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7730000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF7720000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF736F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7790000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF77C0000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)

0xF77A0000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)

0xF77B0000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)

0xF407C000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF6B3F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7690000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF737F000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7780000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)

0xF7680000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF40FC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7710000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF76D0000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)

0xF7770000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)

0xF734F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7740000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xEDD9D000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF735F000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF409C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB9987000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF40CC000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)

0xF6B4F000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF7760000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF76C0000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF76F0000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)

0xF3203000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF79A0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF3F2A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7930000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)

0xF7940000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)

0xF7998000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7918000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)

0xF3F42000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7968000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)

0xF7900000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7960000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)

0xEE145000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)

0xF7938000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)

0xEE13D000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF7948000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)

0xF7950000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)

0xF33FA000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xF79A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF79C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF3F3A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7958000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)

0xF7928000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)

0xF7920000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)

0xF3F32000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7908000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF79B8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF79C0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7910000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)

0xF79B0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7A88000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF79F8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xEDA40000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)

0xF7A9C000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)

0xF7AAC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)

0xF7AB4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)

0xF7A98000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)

0xF7AA4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)

0xB9537000 C:\WINDOWS\system32\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)

0xF7AB0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)

0xF72BB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xEE230000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7B78000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)

0xF7B7C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7AA0000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)

0xF7AA8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)

0xB9C00000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 12288 bytes (Adaptec, ASPI for WIN32 Kernel Driver)

0xF7A94000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xEDA50000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7B54000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF5631000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xB9A6A000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)

0xF5635000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF72CB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF5619000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7B82000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)

0xF7B98000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)

0xF7BF8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B8C000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)

0xF7B84000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)

0xF7C2A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7BF6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B8A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7BFA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7B8E000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)

0xF7BFC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7BA8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B86000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)

0xF7BEE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B88000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7B80000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x86B52000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7DC7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7D87000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))

0xF7DA0000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))

0xED850000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7DA1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7C48000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

!!!!!!!!!!!Hidden driver: 0x86B5BA9F ?_empty_? 1377 bytes

==============================================

>Stealth

==============================================

0xF74F1000 WARNING: suspicious driver modification [atapi.sys::0x86B5BA9F]

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7CIFDBNO\252C+%252526+DVDs%25255EVideo+%252526+DVD+Sales+%252526+Rental%25255E%2526RC%253D1%2526CTS%253DVideo+%252526+DVD+Sales+%252526+Rental%2526MCBP%253Dtrue[1]1]

!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UB9KSCGJ\2Fyellowpages.superpages.com%252Flistings[1].jsp%253FSRC%253Dyellowcom%2526C%253DMovie%2526STYPE%253DS%2526L%253DMelbourne+FL%2526F%253D1%2526MCBP%253Dtruef

!-->[Hidden] C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1004\A0082210.RDB

!-->[Hidden] C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1004\A0082211.RDB

!-->[Hidden] C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1004\A0082212.RDB

!-->[Hidden] C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1004\A0082213.RDB

!-->[Hidden] C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1004\A0082214.RDB

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002AC38, Type: Inline - RelativeJump 0x80501C38-->80501C2E [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002AD8C, Type: Inline - RelativeJump 0x80501D8C-->80501D82 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002AF04, Type: Inline - RelativeJump 0x80501F04-->80501EFA [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002AF3C, Type: Inline - RelativeJump 0x80501F3C-->80501F32 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A-->80541AA1 [ntkrnlpa.exe]

tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xEEF7F428-->EEEBDCBA [vsdatant.sys]

tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xEEF7F454-->EEEBD4C8 [vsdatant.sys]

tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEEF7F460-->EEEBD672 [vsdatant.sys]

wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF3208B4C-->EEEBDCBA [vsdatant.sys]

wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF3208B1C-->EEEBBC2A [vsdatant.sys]

wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF3208B3C-->EEEBD4C8 [vsdatant.sys]

wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF3208B28-->EEEBD672 [vsdatant.sys]

[1116]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1116]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1116]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1116]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1116]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1116]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1116]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]

[1556]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[1556]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[1556]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1556]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1556]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1556]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1556]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1556]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1556]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1556]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[1556]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[2884]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[2884]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[2884]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[2884]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[2884]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]

[2884]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[2884]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]


Mel_3:

Download ComboFix from one of the following locations:

Link 1

Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:

  • ComboFix log


Well I did have a problem with ComboFix. It reported "rootkit" and needed to restart... but the restart didn't go right and AVG 8.5 & ZoneAlarm turned back on during boot.

I think I successfully disabled AVG & ZA from starting on reboot... and then re-ran ComboFix (before I saw I shouldn't :)

ComboFix ran, reported rootkit, I clicked OK to restart the computer per ComboFix's instructions.

Log below... (Thank you so much for your help)

ComboFix 10-09-30.03 - Owner 10/01/2010 14:22:42.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.591 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Security\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\Bitrix Security

c:\documents and settings\Owner\Application Data\Bitrix Security\hjzvk

c:\documents and settings\Owner\Application Data\Bitrix Security\hwwkat9_shrd

c:\documents and settings\Owner\Application Data\Bitrix Security\qnf.txt

c:\documents and settings\Owner\Application Data\jsdfgs.bat

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe

c:\progra~1\AVG\AVG8\avgtray.exe

c:\program files\Common Files\Java\Java Update\jusched.exe

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

c:\program files\Scansoft\PaperPort\IndexSearch.exe

c:\program files\Scansoft\PaperPort\pptd40nt.exe

c:\windows\AutoRun.ini

c:\windows\Downloaded Program Files\Install.inf

c:\windows\Fonts\mO8P6.com

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\26500.exe

c:\windows\system32\6334.exe

c:\windows\system32\ES17.exe

c:\windows\system32\spool\prtprocs\w32x86\CNMPP75.DLL

c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))

.

2010-09-29 23:37 . 2010-09-29 23:37 -------- d-----w- c:\program files\Trend Micro

2010-09-29 23:31 . 2010-09-29 23:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-09-29 23:07 . 2010-09-29 23:07 -------- d-----w- c:\program files\CCleaner

2010-09-29 21:23 . 2010-09-09 12:16 10818904 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe

2010-09-29 21:23 . 2010-09-09 12:09 840200 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe

2010-09-28 21:17 . 2010-09-28 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 20:20 . 2010-09-29 23:05 120 ----a-w- c:\windows\Uxovokelodas.dat

2010-09-28 20:20 . 2010-09-29 13:51 0 ----a-w- c:\windows\Gpiwohewazuc.bin

2010-09-28 20:20 . 2010-09-28 20:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}

2010-09-28 20:19 . 2010-09-29 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-28 16:06 . 2010-10-01 14:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-24 19:32 . 2010-09-09 12:16 10818904 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.exe

2010-09-24 19:32 . 2010-09-09 12:09 840200 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.exe

2010-09-23 20:10 . 2010-09-23 22:24 -------- d-----w- c:\documents and settings\Owner\workspace

2010-09-15 13:27 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-09-15 13:27 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-09-15 13:27 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27 . 2010-09-15 13:28 -------- d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- c:\program files\Zone Labs

2010-09-15 13:01 . 2010-09-15 13:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-sse.dll

2010-09-15 13:01 . 2010-09-15 13:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcp71.dll

2010-09-15 13:01 . 2010-09-15 13:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\jmc.dll

2010-09-15 13:01 . 2010-09-15 13:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcr71.dll

2010-09-15 13:01 . 2010-09-15 13:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-d3d.dll

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\.thumbnails

2010-09-09 20:20 . 2010-09-09 20:20 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 20:20 . 2010-09-09 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-09-09 19:12 . 2010-09-09 19:12 -------- d-----w- c:\program files\JRE

2010-09-09 19:11 . 2010-09-09 19:12 -------- d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50 . 2010-09-12 15:36 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6

2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\program files\Paint.NET

2010-09-09 14:29 . 2010-09-09 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET

2010-09-09 12:16 . 2010-09-09 12:16 170904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll

2010-09-09 12:16 . 2010-09-09 12:16 10818904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe

2010-09-09 12:16 . 2010-09-09 12:16 804248 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe

2010-09-09 12:15 . 2010-09-09 12:15 83352 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqem_apiw.dll

2010-09-09 12:15 . 2010-09-09 12:15 206232 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic4.dll

2010-09-09 12:15 . 2010-09-09 12:15 734616 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic2.dll

2010-09-09 12:15 . 2010-09-09 12:15 202136 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic1.dll

2010-09-09 12:15 . 2010-09-09 12:15 480680 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll

2010-09-09 12:15 . 2010-09-09 12:15 214432 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll

2010-09-09 12:15 . 2010-09-09 12:15 325024 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll

2010-09-09 12:15 . 2010-09-09 12:15 632240 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll

2010-09-09 12:14 . 2010-09-09 12:14 170904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll

2010-09-09 12:14 . 2010-09-09 12:14 170904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll

2010-09-09 12:10 . 2010-09-09 12:10 170904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\lr00000\magicJack.dll

2010-09-09 12:09 . 2010-09-09 12:09 22156688 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe

2010-09-09 12:09 . 2010-09-09 12:09 50592 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2 .exe

2010-09-09 12:09 . 2010-09-09 12:09 840200 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe

2010-09-09 12:09 . 2010-09-09 12:09 170904 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll

2010-09-09 12:08 . 2010-09-09 12:08 103840 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe

2010-09-09 12:08 . 2010-09-09 12:08 103840 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe

2010-09-09 12:08 . 2010-09-09 12:08 442800 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2010-09-09 12:08 . 2010-09-09 12:08 442800 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe

2010-09-09 12:08 . 2010-09-09 12:08 442800 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe

2010-09-09 12:08 . 2010-09-09 12:08 442800 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\Common Files\IKE Software

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\IKE Software

2010-09-07 13:17 . 2010-09-07 13:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-01 18:33 . 2010-06-04 12:52 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

2010-10-01 16:04 . 2005-11-23 01:15 -------- d-----w- c:\program files\QuickTime

2010-09-30 17:44 . 2004-08-26 16:12 94212 ----a-w- c:\windows\system32\rundll32.exe

2010-09-29 14:09 . 2009-12-29 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-28 14:02 . 2010-09-28 14:01 1595492 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-26 14:26 . 2006-01-27 15:00 222296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-21 14:00 . 2005-11-23 01:08 -------- d-----w- c:\program files\Google

2010-09-15 13:28 . 2008-06-17 17:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Java

2010-08-24 21:07 . 2010-08-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-02 21:04 . 2010-08-02 21:03 21706717 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_08_02_14_28_05_full.dmp.zip

2010-07-22 15:49 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-11-04 18:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

<pre>
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Scansoft\PaperPort\IndexSearch .exe
c:\program files\Scansoft\PaperPort\pptd40nt .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk

backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

c:\progra~1\AVG\AVG8\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]

c:\progra~1\McAfee.com\Shared\mcappins.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

c:\program files\Scansoft\PaperPort\IndexSearch.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

c:\progra~1\mcafee.com\agent\mcupdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

c:\progra~1\mcafee\SPAMKI~1\mskagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-09-18 16:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-09-18 16:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

c:\program files\McAfee.com\VSO\oasclnt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

c:\program files\Scansoft\PaperPort\pptd40nt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rfofekibehav]

2008-04-14 00:12 198144 ----a-w- c:\windows\utibuvog.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

c:\program files\Common Files\Java\Java Update\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

c:\program files\McAfee.com\VSO\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2008 11:12 AM 335240]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2008 11:11 AM 297752]

R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/18/2007 3:46 PM 53307]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 7:52 AM 136176]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [12/5/2007 11:18 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [12/5/2007 11:18 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [12/5/2007 11:18 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [12/5/2007 11:18 AM 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0B9B83C-BBFC-49F5-93F4-BC388B073320}]

c:\documents and settings\Owner\Application Data\Bitrix Security\hwwkat9.dll [N/A]

.

Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netpv.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

TCP: {F8A6B7D6-4685-44F7-BBBC-CD647744A0FD} = 192.168.1.1

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: XULRunner: {CBF38F34-5F7F-4CB6-9A2A-216874E5E120} - c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-01 14:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys PCIIDEX.SYS >>UNKNOWN [0x86AE5C56]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7754f28

\Driver\ACPI -> ACPI.sys @ 0xf7557cb8

\Driver\atapi -> atapi.sys @ 0xf74f7852

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(780)

c:\windows\system32\WININET.dll

.

Completion time: 2010-10-01 14:40:29

ComboFix-quarantined-files.txt 2010-10-01 18:40

Pre-Run: 31,982,612,480 bytes free

Post-Run: 34,165,096,448 bytes free

- - End Of File - - 47F6A5D43012669F71EE30A5737186D5

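The ComboFix log above already contains every indicator the fix in the next post acts on: the loopback proxy "http=127.0.0.1:5555" in the WinINET settings (with ProxyOverride = <local>, this sends all non-local HTTP from IE through whatever is listening on port 5555 on the machine), the "qttask .exe" style rename with a space before the extension, the Rfofekibehav startup entry loading a DLL straight from c:\windows, the Active Setup entry pointing into the user profile, the hidden Firefox extension in a GUID-named folder, the fastestdeploy.com Trusted Zone entry, and the disabled firewall and Security Center monitoring. As an added example (not ComboFix's, the helper's or this forum's code), the Python below reads ComboFix-style lines and flags each of those classes. Indicator names and regexes are mine; the SUGGESTED_ACTION table is my annotation of which CFScript section the helper used for each class in the reply below. Sample lines are copied from the log above.

```python
"""Indicator triage over ComboFix-style log lines.

Added example for this thread; not ComboFix's, the helper's or the forum's
code. Indicator names, regexes and the SUGGESTED_ACTION table are mine; the
table records which CFScript section the helper used for each finding class.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ComboFix log above; soundman.exe is a benign control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask .exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rfofekibehav]
2008-04-14 00:12 198144 ----a-w- c:\windows\utibuvog.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0B9B83C-BBFC-49F5-93F4-BC388B073320}]
c:\documents and settings\Owner\Application Data\Bitrix Security\hwwkat9.dll [N/A]
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Trusted Zone: fastestdeploy.com
FF - HiddenExtension: XULRunner: {CBF38F34-5F7F-4CB6-9A2A-216874E5E120} - c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}
"""

SUGGESTED_ACTION = {
    "LOOPBACK_PROXY": "DDS:: (reset ProxyServer / ProxyOverride)",
    "SPACE_BEFORE_EXTENSION": "RenV:: (rename 'name .exe' back to 'name.exe')",
    "AUTORUN_DLL_IN_WINDIR_ROOT": "Collect:: the DLL; Registry:: [-startupreg key]",
    "ACTIVE_SETUP_FROM_PROFILE": "Registry:: [-installed components key]",
    "HIDDEN_EXTENSION_GUID_DIR": "DirLook:: the folder before deleting",
    "TRUSTED_ZONE_ENTRY": "review; remove if unrecognised",
    "FIREWALL_DISABLED": "re-enable once the machine is clean",
    "SC_MONITORING_DISABLED": "re-enable once the machine is clean",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "date time size attrs path" or a bare "path [N/A]" line under a registry key
PATH_LINE_RE = re.compile(r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ )?[a-z]:\\", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.I)
SPACED_EXT_RE = re.compile(r"\S \.(?:exe|dll|scr)\b", re.I)  # "qttask .exe"
WINDIR_ROOT_DLL_RE = re.compile(r"c:\\windows\\[^\\\s]+\.dll\b", re.I)  # no subdirectory
GUID_DIR_RE = re.compile(r"\\Local Settings\\Application Data\\\{[0-9a-f-]{36}\}", re.I)


@dataclass(frozen=True)
class Finding:
    indicator: str
    line: str


def proxy_host(value):
    """'http=127.0.0.1:5555' -> '127.0.0.1'; 'proxy.corp:8080' -> 'proxy.corp'."""
    return value.split(";")[0].split("=")[-1].split(":")[0].lower()


def triage(log_text):
    """Return Findings in log order; one line may yield more than one."""
    findings = []
    section = ""  # lower-cased key of the most recent [registry key] header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":  # ComboFix's block separator: leave the registry section
            section = ""
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("key").lower()
            continue
        low = line.lower()
        compact = low.replace(" ", "")
        is_path = bool(PATH_LINE_RE.match(line))
        m = PROXY_RE.search(line)
        if m and proxy_host(m.group("value")) in ("127.0.0.1", "localhost"):
            findings.append(Finding("LOOPBACK_PROXY", line))
        if SPACED_EXT_RE.search(line):
            findings.append(Finding("SPACE_BEFORE_EXTENSION", line))
        if is_path and "startupreg" in section and WINDIR_ROOT_DLL_RE.search(line):
            findings.append(Finding("AUTORUN_DLL_IN_WINDIR_ROOT", line))
        if is_path and "active setup" in section and "\\application data\\" in low:
            findings.append(Finding("ACTIVE_SETUP_FROM_PROFILE", line))
        if low.startswith("ff - hiddenextension") and GUID_DIR_RE.search(line):
            findings.append(Finding("HIDDEN_EXTENSION_GUID_DIR", line))
        if low.startswith("trusted zone:"):
            findings.append(Finding("TRUSTED_ZONE_ENTRY", line))
        if "firewallpolicy" in section and compact.startswith('"enablefirewall"=0'):
            findings.append(Finding("FIREWALL_DISABLED", line))
        if "security center" in section and compact.startswith('"disablemonitoring"=dword:00000001'):
            findings.append(Finding("SC_MONITORING_DISABLED", line))
    return findings


def summarize(findings):
    return dict(Counter(f.indicator for f in findings))
```

Running triage(SAMPLE_LOG) yields eight findings, one per flagged line, and summarize() gives the per-indicator counts; a loopback proxy only counts when the host part of the ProxyServer value is 127.0.0.1 or localhost, so a normal corporate proxy is not reported.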

Mel_3:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, ensure Cure is selected.
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced at root. It will be named, for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Attach that log, please.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above http://

http://forums.malwarebytes.org/index.php?showtopic=63820
Collect::
c:\windows\Uxovokelodas.dat
c:\windows\utibuvog.dll
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
DirLook::
c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}
File::
c:\windows\Gpiwohewazuc.bin
Folder::
c:\documents and settings\Owner\Application Data\mjusbsp
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rfofekibehav]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0B9B83C-BBFC-49F5-93F4-BC388B073320}]
RenV::
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Scansoft\PaperPort\IndexSearch .exe
c:\program files\Scansoft\PaperPort\pptd40nt .exe
c:\windows\system32\rundll32 .exe

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot CFScriptB-4.gif: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please include the following in your next post:

  • TDSSKiller log
  • ComboFix log

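The TDSSKiller log the post above asks for lists every driver service as one line of timestamp, service name, MD5 and image path, after a SystemInfo header of "Key: value" lines. As an added example (not Kaspersky's code and not part of this thread's fix), the Python below parses that format into records a responder can pivot on: an MD5 index for a bulk hash lookup, the drivers whose image is not under system32\drivers (a review list, not a verdict; GTNDIS5, which the ComboFix log above lists as newly created, is the one that lands there), and service names that share one image file, as cbidf and cbidf2k do. Function names and the STANDARD_DRIVER_DIRS set are mine; sample lines are copied from the TDSSKiller log posted later in this thread.

```python
"""Parser for TDSSKiller's scan log.

Added example; not Kaspersky's code and not part of this thread's fix.
Driver lines have the shape
    YYYY/MM/DD HH:MM:SS.ffff <service name> (<md5>) <image path>
after a SystemInfo header of "Key: value" lines. Function names and the
STANDARD_DRIVER_DIRS set are mine.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the TDSSKiller log posted later in this thread.
SAMPLE_LOG = r"""
2010/10/02 09:52:38.0777 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/02 09:52:38.0777 SystemInfo:
2010/10/02 09:52:38.0777 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/02 09:52:38.0787 Processor architecture: Intel x86
2010/10/02 09:53:14.0198 Scan started
2010/10/02 09:53:14.0198 Mode: Manual;
2010/10/02 09:53:15.0060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/02 09:53:19.0897 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/02 09:53:20.0728 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/02 09:53:22.0290 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/02 09:53:22.0470 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/02 09:53:27.0978 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2010/10/02 09:53:40.0226 ONSIO (788f97dfc016ded8fe910e1f34e6462c) C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
"""

TS = r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
INFO_RE = re.compile(TS + r"(?P<key>[A-Za-z][A-Za-z ]*): (?P<value>.+)$")

# Where XP keeps its own and most vendors' kernel drivers (lower-cased).
STANDARD_DRIVER_DIRS = {r"c:\windows\system32\drivers"}


@dataclass(frozen=True)
class DriverRecord:
    name: str
    md5: str
    path: str

    @property
    def directory(self):
        # ntpath splits backslash paths correctly on any host OS
        return ntpath.dirname(self.path).lower()


def parse_tdsskiller(text):
    """Return (system-info dict, list of DriverRecord) from raw log text."""
    info, drivers = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(DriverRecord(m["name"], m["md5"], m["path"]))
            continue
        m = INFO_RE.match(line)
        if m:
            info[m["key"]] = m["value"]
    return info, drivers


def outside_standard_dirs(drivers, standard_dirs=STANDARD_DRIVER_DIRS):
    """Drivers whose image is not in the usual drivers directory: a review list, not a verdict."""
    return [d for d in drivers if d.directory not in standard_dirs]


def shared_images(drivers):
    """image path -> service names, only for paths registered under more than one name."""
    by_path = defaultdict(list)
    for d in drivers:
        by_path[d.path.lower()].append(d.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def md5_index(drivers):
    """md5 -> set of image paths; the input for a bulk hash lookup."""
    index = defaultdict(set)
    for d in drivers:
        index[d.md5].add(d.path.lower())
    return dict(index)
```

Paths are lower-cased before comparison because the same directory appears in the log as DRIVERS, Drivers and drivers; the header parser deliberately ignores lines such as "SystemInfo:" and "Scan started" that carry no value.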

Thanks again for the help. Here are the log files. Couple of points.

1 - TDSSKiller rebooted & created two logs. First log first. Second log second.

2 - Forgot to disable ZoneAlarm after pasting code into & running ComboFix but log included.

---------------------------------------------------------- START TDSSKiller log before reboot

2010/10/02 09:52:38.0777 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/02 09:52:38.0777 ================================================================================

2010/10/02 09:52:38.0777 SystemInfo:

2010/10/02 09:52:38.0777

2010/10/02 09:52:38.0777 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/02 09:52:38.0777 Product type: Workstation

2010/10/02 09:52:38.0777 ComputerName: OFFICE

2010/10/02 09:52:38.0787 UserName: Owner

2010/10/02 09:52:38.0787 Windows directory: C:\WINDOWS

2010/10/02 09:52:38.0787 System windows directory: C:\WINDOWS

2010/10/02 09:52:38.0787 Processor architecture: Intel x86

2010/10/02 09:52:38.0787 Number of processors: 1

2010/10/02 09:52:38.0787 Page size: 0x1000

2010/10/02 09:52:38.0787 Boot type: Normal boot

2010/10/02 09:52:38.0787 ================================================================================

2010/10/02 09:52:39.0068 Initialize success

2010/10/02 09:53:14.0198 ================================================================================

2010/10/02 09:53:14.0198 Scan started

2010/10/02 09:53:14.0198 Mode: Manual;

2010/10/02 09:53:14.0198 ================================================================================

2010/10/02 09:53:14.0839 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/02 09:53:15.0060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/02 09:53:15.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/02 09:53:15.0470 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/02 09:53:15.0660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/02 09:53:15.0921 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/02 09:53:16.0151 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/02 09:53:16.0351 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/02 09:53:16.0562 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/02 09:53:16.0782 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/02 09:53:16.0992 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/02 09:53:17.0233 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/02 09:53:17.0543 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/02 09:53:17.0894 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/02 09:53:18.0084 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/02 09:53:18.0274 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/02 09:53:18.0464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/02 09:53:18.0665 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/02 09:53:18.0845 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/02 09:53:19.0045 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/02 09:53:19.0236 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2010/10/02 09:53:19.0466 ASPI32 (31ed89badd47130ad57cce8c8dfb5b27) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/10/02 09:53:19.0656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/02 09:53:19.0897 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/02 09:53:20.0257 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/02 09:53:20.0477 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/02 09:53:20.0728 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/10/02 09:53:20.0948 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/10/02 09:53:21.0138 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/02 09:53:21.0329 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/10/02 09:53:21.0559 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys

2010/10/02 09:53:21.0759 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys

2010/10/02 09:53:21.0980 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/10/02 09:53:22.0290 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/02 09:53:22.0470 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/02 09:53:22.0651 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/02 09:53:22.0841 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/02 09:53:23.0041 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/02 09:53:23.0251 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2010/10/02 09:53:23.0422 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2010/10/02 09:53:23.0622 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/02 09:53:24.0032 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/02 09:53:24.0233 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/02 09:53:24.0453 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/02 09:53:24.0653 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/02 09:53:24.0854 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/02 09:53:25.0124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/02 09:53:25.0334 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/02 09:53:25.0525 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/02 09:53:25.0705 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/02 09:53:25.0905 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/02 09:53:26.0105 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/02 09:53:26.0326 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/02 09:53:26.0536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/02 09:53:26.0746 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/02 09:53:26.0967 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/02 09:53:27.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/02 09:53:27.0397 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/02 09:53:27.0608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/02 09:53:27.0808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/02 09:53:27.0978 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2010/10/02 09:53:28.0178 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/02 09:53:28.0379 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/02 09:53:28.0589 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2010/10/02 09:53:28.0829 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2010/10/02 09:53:29.0100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/02 09:53:29.0310 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/02 09:53:29.0480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/02 09:53:29.0671 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/02 09:53:29.0861 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/02 09:53:30.0071 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/02 09:53:30.0271 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/02 09:53:30.0472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/02 09:53:30.0672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/02 09:53:30.0862 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/02 09:53:31.0053 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/02 09:53:31.0283 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/02 09:53:31.0503 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/02 09:53:31.0714 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/02 09:53:31.0904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/02 09:53:32.0084 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/02 09:53:32.0284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/02 09:53:32.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/02 09:53:32.0905 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/02 09:53:33.0156 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/10/02 09:53:33.0356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/02 09:53:33.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/02 09:53:33.0746 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/02 09:53:34.0177 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/02 09:53:34.0407 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/02 09:53:34.0588 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/02 09:53:34.0768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/02 09:53:35.0028 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/02 09:53:35.0349 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/02 09:53:35.0539 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/02 09:53:35.0749 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/02 09:53:35.0940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/02 09:53:36.0120 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/02 09:53:36.0390 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/02 09:53:36.0591 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2010/10/02 09:53:36.0841 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/02 09:53:37.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/02 09:53:37.0252 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/02 09:53:37.0442 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/02 09:53:37.0632 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/02 09:53:37.0822 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/02 09:53:38.0043 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/02 09:53:38.0313 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/02 09:53:38.0503 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/02 09:53:38.0744 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/02 09:53:39.0054 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/02 09:53:39.0405 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2010/10/02 09:53:39.0625 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2010/10/02 09:53:39.0825 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/02 09:53:40.0025 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/02 09:53:40.0226 ONSIO (788f97dfc016ded8fe910e1f34e6462c) C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS

2010/10/02 09:53:40.0486 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2010/10/02 09:53:40.0676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/02 09:53:40.0877 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/02 09:53:41.0087 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/02 09:53:41.0317 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/02 09:53:41.0678 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/02 09:53:41.0868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/02 09:53:42.0459 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/02 09:53:42.0689 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/02 09:53:42.0910 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/02 09:53:43.0110 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/02 09:53:43.0290 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/02 09:53:43.0511 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/02 09:53:43.0721 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/02 09:53:43.0901 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/02 09:53:44.0121 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/02 09:53:44.0302 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/02 09:53:44.0522 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/02 09:53:44.0712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/02 09:53:44.0903 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/02 09:53:45.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/02 09:53:45.0293 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/02 09:53:45.0513 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/02 09:53:45.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/02 09:53:45.0954 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/02 09:53:46.0154 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/02 09:53:46.0365 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/02 09:53:46.0575 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/02 09:53:46.0805 rt2500usb (9621807bf414bca55b3ef3c4591a2f20) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys


2010/10/02 09:53:56.0659 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/02 09:53:56.0659 ================================================================================

2010/10/02 09:53:56.0659 Scan finished

2010/10/02 09:53:56.0659 ================================================================================

2010/10/02 09:53:56.0679 Detected object count: 1

2010/10/02 09:54:24.0800 \HardDisk0\MBR - will be cured after reboot

2010/10/02 09:54:24.0800 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/02 09:54:31.0039 Deinitialize success

---------------------------------------------------------- END TDSSKiller log before reboot

---------------------------------------------------------- START TDSSKiller log AFTER reboot

2010/10/02 09:59:27.0160 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/02 09:59:27.0160 ================================================================================

2010/10/02 09:59:27.0160 SystemInfo:

2010/10/02 09:59:27.0160

2010/10/02 09:59:27.0160 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/02 09:59:27.0160 Product type: Workstation

2010/10/02 09:59:27.0160 ComputerName: OFFICE

2010/10/02 09:59:27.0160 UserName: Owner

2010/10/02 09:59:27.0160 Windows directory: C:\WINDOWS

2010/10/02 09:59:27.0160 System windows directory: C:\WINDOWS

2010/10/02 09:59:27.0160 Processor architecture: Intel x86

2010/10/02 09:59:27.0160 Number of processors: 1

2010/10/02 09:59:27.0160 Page size: 0x1000

2010/10/02 09:59:27.0160 Boot type: Normal boot

2010/10/02 09:59:27.0160 ================================================================================

2010/10/02 09:59:27.0380 Initialize success

2010/10/02 09:59:30.0695 ================================================================================

2010/10/02 09:59:30.0695 Scan started

2010/10/02 09:59:30.0695 Mode: Manual;

2010/10/02 09:59:30.0695 ================================================================================


2010/10/02 10:00:13.0787 ================================================================================

2010/10/02 10:00:13.0787 Scan finished

2010/10/02 10:00:13.0787 ================================================================================

2010/10/02 10:03:10.0711 Deinitialize success

---------------------------------------------------------- END TDSSKiller log AFTER reboot

---------------------------------------------------------- START ComboFix log

ComboFix 10-09-30.03 - Owner 10/02/2010 11:00:20.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.576 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Security\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\Security\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\windows\Gpiwohewazuc.bin"

file zipped: c:\windows\utibuvog.dll

file zipped: c:\windows\Uxovokelodas.dat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\mjusbsp

c:\documents and settings\Owner\Application Data\mjusbsp\_911offline.html

c:\documents and settings\Owner\Application Data\mjusbsp\_shuttingdown.html

c:\documents and settings\Owner\Application Data\mjusbsp\_shuttingdownS.html

c:\documents and settings\Owner\Application Data\mjusbsp\_startupBanner.html

c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic1.dll

c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic2.dll

c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic4.dll

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\mjsetup.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\splash.gif

c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\WarningMJCouldNotStart.gif

c:\documents and settings\Owner\Application Data\mjusbsp\big.skn

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2 .exe

c:\documents and settings\Owner\Application Data\mjusbsp\closeWindow.png

c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline.html

c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline1.html

c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline1S.html

c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline2.html

c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline2S.html

c:\documents and settings\Owner\Application Data\mjusbsp\gwofflineS.html

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\splash.gif

c:\documents and settings\Owner\Application Data\mjusbsp\in00000\WarningMJCouldNotStart.gif

c:\documents and settings\Owner\Application Data\mjusbsp\Loader.gif

c:\documents and settings\Owner\Application Data\mjusbsp\lr00000\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe

c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe

c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe

c:\documents and settings\Owner\Application Data\mjusbsp\mainBannerOffline.html

c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll

c:\documents and settings\Owner\Application Data\mjusbsp\octvqem_apiw.dll

c:\documents and settings\Owner\Application Data\mjusbsp\reloadWindow.png

c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\small.skn

c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe

c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe

c:\documents and settings\Owner\Application Data\mjusbsp\st00000\splash.gif

c:\documents and settings\Owner\Application Data\mjusbsp\st00000\WarningMJCouldNotStart.gif

c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll

c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\splash.gif

c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\WarningMJCouldNotStart.gif

c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.exe

c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.ini

c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.exe

c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.ini

c:\documents and settings\Owner\Application Data\mjusbsp\WarningMJCouldNotStart.gif

c:\documents and settings\Owner\Application Data\mjusbsp\WarningNoDeviceFound.gif

c:\documents and settings\Owner\Application Data\mjusbsp\wroffline.html

c:\documents and settings\Owner\Application Data\mjusbsp\wroffline1.html

c:\documents and settings\Owner\Application Data\mjusbsp\wroffline1S.html

c:\documents and settings\Owner\Application Data\mjusbsp\wrofflineS.html

c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}

c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\install.rdf

c:\windows\Gpiwohewazuc.bin

c:\windows\utibuvog.dll

c:\windows\Uxovokelodas.dat

.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))

.

2010-09-29 23:37 . 2010-09-29 23:37 -------- d-----w- c:\program files\Trend Micro

2010-09-29 23:31 . 2010-09-29 23:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-09-29 23:07 . 2010-09-29 23:07 -------- d-----w- c:\program files\CCleaner

2010-09-28 21:17 . 2010-09-28 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 20:19 . 2010-09-29 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-28 16:06 . 2010-10-02 12:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-23 20:10 . 2010-09-23 22:24 -------- d-----w- c:\documents and settings\Owner\workspace

2010-09-15 13:27 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-09-15 13:27 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-09-15 13:27 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27 . 2010-09-15 13:28 -------- d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- c:\program files\Zone Labs

2010-09-15 13:01 . 2010-09-15 13:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-sse.dll

2010-09-15 13:01 . 2010-09-15 13:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcp71.dll

2010-09-15 13:01 . 2010-09-15 13:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\jmc.dll

2010-09-15 13:01 . 2010-09-15 13:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcr71.dll

2010-09-15 13:01 . 2010-09-15 13:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-d3d.dll

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\.thumbnails

2010-09-09 20:20 . 2010-09-09 20:20 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 20:20 . 2010-09-09 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-09-09 19:12 . 2010-09-09 19:12 -------- d-----w- c:\program files\JRE

2010-09-09 19:11 . 2010-09-09 19:12 -------- d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50 . 2010-09-12 15:36 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6

2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\program files\Paint.NET

2010-09-09 14:29 . 2010-09-09 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\Common Files\IKE Software

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\IKE Software

2010-09-07 13:17 . 2010-09-07 13:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 15:00 . 2005-11-23 01:15 -------- d-----w- c:\program files\QuickTime

2010-09-30 17:44 . 2010-10-02 15:08 94212 ----a-w- c:\windows\Fonts\mO8P6.com

2010-09-30 17:44 . 2004-08-26 16:12 94212 ----a-w- c:\windows\system32\rundll32.exe

2010-09-29 14:09 . 2009-12-29 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-28 14:02 . 2010-09-28 14:01 1595492 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-26 14:26 . 2006-01-27 15:00 222296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-21 14:00 . 2005-11-23 01:08 -------- d-----w- c:\program files\Google

2010-09-15 13:28 . 2008-06-17 17:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Java

2010-08-24 21:07 . 2010-08-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-02 21:04 . 2010-08-02 21:03 21706717 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_08_02_14_28_05_full.dmp.zip

2010-07-22 15:49 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-11-04 18:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

<pre>
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
</pre>

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120} ----

2010-09-28 20:20 . 2010-09-28 20:20 5954 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome\content\overlay.xul

2010-09-28 20:20 . 2010-09-28 20:20 2120 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome\content\_cfg.js

2010-09-28 20:20 . 2010-09-28 20:20 764 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\install.rdf

2010-09-28 20:20 . 2010-09-28 20:20 122 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\{CBF38F34-5F7F-4CB6-9A2A-216874E5E120}\chrome.manifest

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk

backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

2010-07-11 15:19 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]

c:\progra~1\McAfee.com\Shared\mcappins.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2002-08-12 16:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

c:\progra~1\mcafee.com\agent\mcupdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

c:\progra~1\mcafee\SPAMKI~1\mskagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-09-18 16:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-09-18 16:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

c:\program files\McAfee.com\VSO\oasclnt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2002-08-12 15:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

c:\program files\McAfee.com\VSO\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2008 11:12 AM 335240]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2008 11:11 AM 297752]

R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/18/2007 3:46 PM 53307]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 7:52 AM 136176]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [12/5/2007 11:18 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [12/5/2007 11:18 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [12/5/2007 11:18 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [12/5/2007 11:18 AM 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-10-02 c:\windows\Tasks\At1.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At10.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At11.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At12.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At13.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At14.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At15.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At16.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At17.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At18.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At19.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At2.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At20.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At21.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At22.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At23.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At24.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At3.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At4.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At5.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At6.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At7.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At8.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\At9.job

- c:\windows\Fonts\mO8P6.com [2010-10-02 17:44]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netpv.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

TCP: {F8A6B7D6-4685-44F7-BBBC-CD647744A0FD} = 192.168.1.1

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-magicJack - c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-02 11:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2080)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\brss01a.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\wdfmgr.exe

c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2010-10-02 11:14:58 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-02 15:14

ComboFix2.txt 2010-10-01 18:40

Pre-Run: 33,843,892,224 bytes free

Post-Run: 33,789,845,504 bytes free

- - End Of File - - 351247D28833B93C97521F87CE5C6B04


Mel_3:

My apologies; it seems that I removed your MagicJack software. This ComboFix run will restore it:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above ATJob::

<pre>
ATJob::
DeQuarantine::
c:\documents and settings\Owner\Application Data\mjusbsp
c:\documents and settings\Owner\Application Data\mjusbsp\_911offline.html
c:\documents and settings\Owner\Application Data\mjusbsp\_shuttingdown.html
c:\documents and settings\Owner\Application Data\mjusbsp\_shuttingdownS.html
c:\documents and settings\Owner\Application Data\mjusbsp\_startupBanner.html
c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic1.dll
c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic2.dll
c:\documents and settings\Owner\Application Data\mjusbsp\AECOctasic4.dll
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\mjsetup.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\splash.gif
c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\WarningMJCouldNotStart.gif
c:\documents and settings\Owner\Application Data\mjusbsp\big.skn
c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2 .exe
c:\documents and settings\Owner\Application Data\mjusbsp\closeWindow.png
c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline.html
c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline1.html
c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline1S.html
c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline2.html
c:\documents and settings\Owner\Application Data\mjusbsp\gwoffline2S.html
c:\documents and settings\Owner\Application Data\mjusbsp\gwofflineS.html
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\splash.gif
c:\documents and settings\Owner\Application Data\mjusbsp\in00000\WarningMJCouldNotStart.gif
c:\documents and settings\Owner\Application Data\mjusbsp\Loader.gif
c:\documents and settings\Owner\Application Data\mjusbsp\lr00000\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe
c:\documents and settings\Owner\Application Data\mjusbsp\mainBannerOffline.html
c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll
c:\documents and settings\Owner\Application Data\mjusbsp\octvqem_apiw.dll
c:\documents and settings\Owner\Application Data\mjusbsp\reloadWindow.png
c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\small.skn
c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe
c:\documents and settings\Owner\Application Data\mjusbsp\st00000\splash.gif
c:\documents and settings\Owner\Application Data\mjusbsp\st00000\WarningMJCouldNotStart.gif
c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll
c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\splash.gif
c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\WarningMJCouldNotStart.gif
c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.exe
c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.ini
c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.exe
c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.ini
c:\documents and settings\Owner\Application Data\mjusbsp\WarningMJCouldNotStart.gif
c:\documents and settings\Owner\Application Data\mjusbsp\WarningNoDeviceFound.gif
c:\documents and settings\Owner\Application Data\mjusbsp\wroffline.html
c:\documents and settings\Owner\Application Data\mjusbsp\wroffline1.html
c:\documents and settings\Owner\Application Data\mjusbsp\wroffline1S.html
c:\documents and settings\Owner\Application Data\mjusbsp\wrofflineS.html
File::
c:\windows\Fonts\mO8P6.com
RenV::
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
</pre>

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:

  • ComboFix log

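The log above and the CFScript that answers it show three things a responder usually wants to spot by hand before writing directives: twenty-four At*.job tasks that all launch the same file out of c:\windows\Fonts (one task per hour), executables whose names carry a space before the extension (the entries the script lists under RenV::), and a copy of rundll32.exe in system32 that shares its size and first-column timestamp with that Fonts file. The following is an added example, not code from the thread or from ComboFix: a small Python triage that parses those sections of a ComboFix-style log and returns the findings. The sample input is constructed here in the same layout as the log, the function names and the six-job threshold are my choices, and treating the first timestamp column as the one to compare is an assumption about the log format.

```python
"""Triage checks for a ComboFix-style log excerpt (added example; not ComboFix code)."""
import re
from collections import defaultdict

# --- Constructed sample input, written in the layout the log uses --------------
SAMPLE_TASKS = "Contents of the 'Scheduled Tasks' folder\n\n" + "".join(
    f"2010-10-02 c:\\windows\\Tasks\\At{n}.job\n"
    f"- c:\\windows\\Fonts\\mO8P6.com [2010-10-02 17:44]\n\n"
    for n in range(1, 25)            # At1.job .. At24.job, as in the log
) + (
    "2010-10-02 c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job\n"
    "- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-09-01 11:52]\n"
)

SAMPLE_FILES = [  # paths as they appear in the 'Look' and DeQuarantine:: lists
    r"c:\program files\QuickTime\qttask .exe",
    r"c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2 .exe",
    r"c:\program files\QuickTime\qttask.exe",
    r"c:\windows\Fonts\mO8P6.com",
]

SAMPLE_FIND3M = """\
2010-09-30 17:44 . 2010-10-02 15:08 94212 ----a-w- c:\\windows\\Fonts\\mO8P6.com
2010-09-30 17:44 . 2004-08-26 16:12 94212 ----a-w- c:\\windows\\system32\\rundll32.exe
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\\windows\\system32\\spoolsv.exe
2010-10-02 15:00 . 2005-11-23 01:15 -------- d-----w- c:\\program files\\QuickTime
"""

# --- Line shapes in the log ------------------------------------------------------
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$", re.I)
TARGET_LINE = re.compile(r"^-\s+(?P<target>.*?)\s+\[[^\]]*\]$")
FIND3M_LINE = re.compile(            # stamp . stamp size attrs path (dirs have '----' size)
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+) \S+ (?P<path>\S.*)$")
EXEC_EXT = ("exe", "com", "scr", "pif", "dll", "bat", "cmd")
# Directories that are not a normal home for anything a scheduled task launches.
ODD_EXEC_DIRS = ("\\fonts\\", "\\tasks\\", "\\temp\\", "\\temporary internet files\\")
RENAMED_EXE = re.compile(r"\S\s+\.(%s)$" % "|".join(EXEC_EXT), re.I)


def parse_scheduled_tasks(text):
    """Return [(job_path, target_path)] from the 'Scheduled Tasks' section."""
    tasks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = JOB_LINE.match(line)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_LINE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target")))
            pending = None
    return tasks


def find_bulk_at_jobs(tasks, min_jobs=6):
    """Group At<N>.job entries by target; many At jobs on one target = hourly persistence."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if re.search(r"\\at\d+\.job$", job, re.I):
            by_target[target.lower()].append(job)
    return {t: sorted(j) for t, j in by_target.items() if len(j) >= min_jobs}


def is_odd_executable_location(path):
    """Executable extension sitting in a directory that should hold no executables."""
    p = path.lower()
    return p.rsplit(".", 1)[-1] in EXEC_EXT and any(d in p for d in ODD_EXEC_DIRS)


def find_renamed_executables(paths):
    """Basenames with whitespace before the extension, e.g. 'qttask .exe'."""
    return [p for p in paths if RENAMED_EXE.search(p.rsplit("\\", 1)[-1])]


def find_size_stamp_twins(text):
    """Find3M files sharing size and first timestamp with a file in an odd location."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if m:
            groups[(m.group("stamp"), int(m.group("size")))].append(m.group("path"))
    return {k: v for k, v in groups.items()
            if len(v) > 1 and any(is_odd_executable_location(p) for p in v)}


def triage(task_text, file_paths, find3m_text):
    tasks = parse_scheduled_tasks(task_text)
    return {
        "bulk_at_jobs": find_bulk_at_jobs(tasks),
        "odd_location_targets": sorted({t for _, t in tasks if is_odd_executable_location(t)}),
        "renamed_executables": find_renamed_executables(file_paths),
        "size_stamp_twins": find_size_stamp_twins(find3m_text),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_TASKS, SAMPLE_FILES, SAMPLE_FIND3M).items():
        print(f"{name}: {finding}")
```

On a real log, paste the "Contents of the 'Scheduled Tasks' folder" and "Find3M Report" sections in place of the constructed samples and feed the file paths from the Look and DeQuarantine:: lists; the size-and-timestamp twin check is only a prompt to verify the system binary against a known-good copy, not proof on its own.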

Here it is.

Unfortunately I did not disable ZoneAlarm as instructed. (Reflex to leave it on, I guess.)

Let me know if I need to run it again... or whatever is the next step.

Thanks again for the help !!!!

ComboFix 10-09-30.03 - Owner 10/03/2010 9:44.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.558 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Security\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\Security\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\windows\Fonts\mO8P6.com"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Fonts\mO8P6.com

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))

.

2010-09-29 23:37 . 2010-09-29 23:37 -------- d-----w- c:\program files\Trend Micro

2010-09-29 23:31 . 2010-09-29 23:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-09-29 23:07 . 2010-09-29 23:07 -------- d-----w- c:\program files\CCleaner

2010-09-28 21:17 . 2010-09-28 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 20:19 . 2010-09-29 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-28 16:06 . 2010-10-02 12:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-23 20:10 . 2010-09-23 22:24 -------- d-----w- c:\documents and settings\Owner\workspace

2010-09-15 13:27 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-09-15 13:27 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-09-15 13:27 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27 . 2010-09-15 13:28 -------- d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- c:\program files\Zone Labs

2010-09-15 13:01 . 2010-09-15 13:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-sse.dll

2010-09-15 13:01 . 2010-09-15 13:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcp71.dll

2010-09-15 13:01 . 2010-09-15 13:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\jmc.dll

2010-09-15 13:01 . 2010-09-15 13:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcr71.dll

2010-09-15 13:01 . 2010-09-15 13:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-d3d.dll

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\.thumbnails

2010-09-09 20:20 . 2010-09-09 20:20 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 20:20 . 2010-09-09 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-09-09 19:12 . 2010-09-09 19:12 -------- d-----w- c:\program files\JRE

2010-09-09 19:11 . 2010-09-09 19:12 -------- d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50 . 2010-09-12 15:36 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6

2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\program files\Paint.NET

2010-09-09 14:29 . 2010-09-09 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\Common Files\IKE Software

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\IKE Software

2010-09-07 13:17 . 2010-09-07 13:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 15:00 . 2005-11-23 01:15 -------- d-----w- c:\program files\QuickTime

2010-09-30 17:44 . 2004-08-26 16:12 94212 ----a-w- c:\windows\system32\rundll32.exe

2010-09-29 14:09 . 2009-12-29 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-28 14:02 . 2010-09-28 14:01 1595492 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-26 14:26 . 2006-01-27 15:00 222296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-21 14:00 . 2005-11-23 01:08 -------- d-----w- c:\program files\Google

2010-09-15 13:28 . 2008-06-17 17:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Java

2010-08-24 21:07 . 2010-08-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-02 21:04 . 2010-08-02 21:03 21706717 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_08_02_14_28_05_full.dmp.zip

2010-07-22 15:49 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-11-04 18:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk

backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

2010-07-11 15:19 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]

c:\progra~1\McAfee.com\Shared\mcappins.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2002-08-12 16:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

c:\progra~1\mcafee.com\agent\mcupdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

c:\progra~1\mcafee\SPAMKI~1\mskagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-09-18 16:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-09-18 16:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

c:\program files\McAfee.com\VSO\oasclnt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2002-08-12 15:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

c:\program files\McAfee.com\VSO\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2008 11:12 AM 335240]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2008 11:11 AM 297752]

R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/18/2007 3:46 PM 53307]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 7:52 AM 136176]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [12/5/2007 11:18 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [12/5/2007 11:18 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [12/5/2007 11:18 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [12/5/2007 11:18 AM 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netpv.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

TCP: {F8A6B7D6-4685-44F7-BBBC-CD647744A0FD} = 192.168.1.1

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-03 09:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3040)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\brss01a.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\wdfmgr.exe

c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe

c:\windows\system32\rundll32.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-10-03 09:59:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-03 13:59

ComboFix2.txt 2010-10-01 18:40

Pre-Run: 33,756,065,792 bytes free

Post-Run: 33,726,259,200 bytes free

- - End Of File - - 001F2C58200AA2B875AF0694A9C2AA1E


Mel_3:

Your Apple QuickTime application was infected and ComboFix is not finding suitable replacement files. Uninstall QuickTime via Control Panel > Add/Remove Programs, then download and install a fresh copy if you wish. You may also need to reinstall your MagicJack software as I'm not certain I was able to completely restore it.

Please run these now:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • MBAM log
  • Kaspersky log
  • How is your computer running now?


I ran MBAM then Kaspersky Online Scanner 7 as you advised. Reports below.

1 - Kaspersky reports the computer as infected and I think it is as...

... at Power Up in normal mode Zone Alarm reports Rundll32.exe is attempting to go to ip address 83.133.119.139 DNS...

... and I Googled this ip address and it looks like a malware site...

... do you know if it is?

2 - And... Does Kaspersky fix the problems it found? If not, how?

Oh, I had to run Kaspersky in Windows XP Pro Safe Mode... it reported it could not stay connected in normal mode. But it loaded the Java Virtual Machine and ran fine in Safe Mode.

Thanks again for all the great help.

=== MBAM Report Start ===

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4741

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/4/2010 3:15:35 PM

mbam-log-2010-10-04 (15-15-35).txt

Scan type: Quick scan

Objects scanned: 144701

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Fonts\mO8P6.com (Malware.Generic) -> Quarantined and deleted successfully.

=== MBAM Report End ===

=== KasReport Start ===

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, October 5, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, October 05, 2010 11:10:02

Records in database: 4281827

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 93102

Threats found: 7

Infected objects found: 52

Suspicious objects found: 0

Scan duration: 02:57:09

File name / Threat / Threats count

C:\Documents and Settings\All Users\Application Data\QC44k87A.exe Infected: Trojan.Win32.Powp.gen 1

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\Documents from Prior Use\My Downloads\VNC\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask .exe Infected: Trojan.Win32.Powp.gen 1

C:\Program Files\QuickTime\qttask.exe Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\IndexSearch.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\pptd40nt.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\PROGRA~1\AVG\AVG8\avgtray.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\mO8P6.com.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\[4]-Submit_2010-10-02_11.00.13.zip Infected: Trojan-Downloader.Win32.Mufanom.airf 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1003\A0081936.dll Infected: Trojan-PSW.Win32.Agent.uhe 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083334.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083335.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083336.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083337.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083338.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083340.com Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083783.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083785.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083786.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083787.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083788.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083789.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083790.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083793.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083794.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083796.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084007.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084008.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084009.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084010.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084011.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084012.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084013.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084014.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084020.com Infected: Trojan.Win32.Powp.gen 1

C:\WINDOWS\Fonts\mO8P6.com Infected: Trojan.Win32.Powp.gen 1

C:\WINDOWS\system32\rundll32.exe Infected: Trojan.Win32.Powp.gen 1

Selected area has been scanned.

=== KasReport End ===


Mel_3:

Yes, we still have work to do. Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
C:\Documents and Settings\All Users\Application Data\QC44k87A.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\mO8P6.com

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:

  • ComboFix log


Here it is. FYI we ran ComboFix in Windows XP Safe Mode and it seemed to work fine.

Thanks again for sticking with this!! Great help!!!!

Here is the ComboFix log

ComboFix 10-10-05.05 - Owner 10/06/2010 10:33:58.4.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.757 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Security\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\Security\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\documents and settings\All Users\Application Data\QC44k87A.exe"

"c:\program files\QuickTime\qttask .exe"

"c:\program files\QuickTime\qttask.exe"

"c:\windows\Fonts\mO8P6.com"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\QC44k87A.exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask.exe

c:\windows\Fonts\mO8P6.com

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At25.job

c:\windows\Tasks\At26.job

c:\windows\Tasks\At27.job

c:\windows\Tasks\At28.job

c:\windows\Tasks\At29.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At30.job

c:\windows\Tasks\At31.job

c:\windows\Tasks\At32.job

c:\windows\Tasks\At33.job

c:\windows\Tasks\At34.job

c:\windows\Tasks\At35.job

c:\windows\Tasks\At36.job

c:\windows\Tasks\At37.job

c:\windows\Tasks\At38.job

c:\windows\Tasks\At39.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At40.job

c:\windows\Tasks\At41.job

c:\windows\Tasks\At42.job

c:\windows\Tasks\At43.job

c:\windows\Tasks\At44.job

c:\windows\Tasks\At45.job

c:\windows\Tasks\At46.job

c:\windows\Tasks\At47.job

c:\windows\Tasks\At48.job

c:\windows\Tasks\At49.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At50.job

c:\windows\Tasks\At51.job

c:\windows\Tasks\At52.job

c:\windows\Tasks\At53.job

c:\windows\Tasks\At54.job

c:\windows\Tasks\At55.job

c:\windows\Tasks\At56.job

c:\windows\Tasks\At57.job

c:\windows\Tasks\At58.job

c:\windows\Tasks\At59.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At60.job

c:\windows\Tasks\At61.job

c:\windows\Tasks\At62.job

c:\windows\Tasks\At63.job

c:\windows\Tasks\At64.job

c:\windows\Tasks\At65.job

c:\windows\Tasks\At66.job

c:\windows\Tasks\At67.job

c:\windows\Tasks\At68.job

c:\windows\Tasks\At69.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At70.job

c:\windows\Tasks\At71.job

c:\windows\Tasks\At72.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))

.

2010-10-04 18:10 . 2010-10-04 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-09-29 23:37 . 2010-09-29 23:37 -------- d-----w- c:\program files\Trend Micro

2010-09-29 23:31 . 2010-09-29 23:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-09-29 23:07 . 2010-09-29 23:07 -------- d-----w- c:\program files\CCleaner

2010-09-28 21:17 . 2010-09-28 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 20:19 . 2010-09-29 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-28 16:06 . 2010-10-06 12:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-23 20:10 . 2010-09-23 22:24 -------- d-----w- c:\documents and settings\Owner\workspace

2010-09-15 13:27 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-09-15 13:27 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-09-15 13:27 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27 . 2010-09-15 13:28 -------- d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- c:\program files\Zone Labs

2010-09-15 13:01 . 2010-09-15 13:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-sse.dll

2010-09-15 13:01 . 2010-09-15 13:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcp71.dll

2010-09-15 13:01 . 2010-09-15 13:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\jmc.dll

2010-09-15 13:01 . 2010-09-15 13:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcr71.dll

2010-09-15 13:01 . 2010-09-15 13:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-d3d.dll

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\.thumbnails

2010-09-09 20:20 . 2010-09-09 20:20 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 20:20 . 2010-09-09 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-09-09 19:12 . 2010-09-09 19:12 -------- d-----w- c:\program files\JRE

2010-09-09 19:11 . 2010-09-09 19:12 -------- d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50 . 2010-09-12 15:36 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6

2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\program files\Paint.NET

2010-09-09 14:29 . 2010-09-09 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\Common Files\IKE Software

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\IKE Software

2010-09-07 13:17 . 2010-09-07 13:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-06 14:38 . 2005-11-23 01:15 -------- d-----w- c:\program files\QuickTime

2010-10-05 13:52 . 2010-10-05 13:52 112 ----a-w- c:\documents and settings\All Users\Application Data\hgTGm6Gd.dat

2010-09-30 17:44 . 2010-10-06 14:39 94212 ----a-w- c:\windows\Fonts\mO8P6.com

2010-09-30 17:44 . 2004-08-26 16:12 94212 ----a-w- c:\windows\system32\rundll32.exe

2010-09-29 14:09 . 2009-12-29 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-28 14:02 . 2010-09-28 14:01 1595492 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-26 14:26 . 2006-01-27 15:00 222296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-21 14:00 . 2005-11-23 01:08 -------- d-----w- c:\program files\Google

2010-09-15 13:28 . 2008-06-17 17:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Java

2010-08-24 21:07 . 2010-08-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-02 21:04 . 2010-08-02 21:03 21706717 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_08_02_14_28_05_full.dmp.zip

2010-07-22 15:49 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-11-04 18:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

<pre>
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-10-01_18.37.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk

backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

2010-07-11 15:19 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]

c:\progra~1\McAfee.com\Shared\mcappins.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2002-08-12 16:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

c:\progra~1\mcafee.com\agent\mcupdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

c:\progra~1\mcafee\SPAMKI~1\mskagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-09-18 16:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-09-18 16:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

c:\program files\McAfee.com\VSO\oasclnt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2002-08-12 15:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

c:\program files\McAfee.com\VSO\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2008 11:12 AM 335240]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2008 11:11 AM 297752]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 7:52 AM 136176]

S2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/18/2007 3:46 PM 53307]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [12/5/2007 11:18 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [12/5/2007 11:18 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [12/5/2007 11:18 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [12/5/2007 11:18 AM 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netpv.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-10-06 10:41:15

ComboFix-quarantined-files.txt 2010-10-06 14:41

ComboFix2.txt 2010-10-03 13:59

ComboFix3.txt 2010-10-01 18:40

Pre-Run: 35,293,847,552 bytes free

Post-Run: 35,385,004,032 bytes free

- - End Of File - - 5C37CFA6693360F74F8F6D5A143465A3


Mel_3:

First, use this tool to remove QuickTime (if you no longer have it installed, move on to the next step). Do not reinstall it just yet:

Download and install the Revo Uninstaller

  • Double click the new Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop-out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    rundll32.*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post:

  • SystemLook log
  • Confirm that you've removed QuickTime


- QuickTime removed with Revo Uninstaller (free version). Nice utility.

- Below the SystemLook file.

Thanks again!!!!

SystemLook 04.09.10 by jpshortstuff

Log created at 09:09 on 07/10/2010 by Owner

Administrator - Elevation successful

========== filefind ==========

Searching for "rundll32.*"

C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c- 33280 bytes [15:17 03/10/2008] [19:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

C:\WINDOWS\I386\RUNDLL32.EX_ ------- 11853 bytes [16:10 26/08/2004] [19:00 04/08/2004] F8507676E40EAFE3ABB907812D65513B

C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf --a---- 10860 bytes [13:51 05/10/2010] [13:51 05/10/2010] F1F731F239902A113361189A2CB06645

C:\WINDOWS\Prefetch\RUNDLL32.EXE-31610E45.pf --a---- 10602 bytes [12:42 05/10/2010] [12:42 05/10/2010] CA80427B5CD6951A2E6907E696D7B51E

C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --a---- 12408 bytes [19:42 04/10/2010] [19:42 04/10/2010] 307ABAC168C60D5271236EDEA18D5828

C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------- 33280 bytes [12:32 03/09/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

C:\WINDOWS\system32\rundll32.exe --a---- 94212 bytes [16:12 26/08/2004] [17:44 30/09/2010] C60F9080FEDCF6CA6C79B881E7EA21A8

-= EOF =-


Mel_3:

Open Notepad (Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

File::
c:\documents and settings\All Users\Application Data\hgTGm6Gd.dat
c:\windows\Fonts\mO8P6.com
Folder::
c:\program files\QuickTime
FCopy::
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe | c:\windows\system32\rundll32.exe

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please include the following in your next post:

  • ComboFix log


ComboFix 10-10-07.02 - Owner 10/08/2010 9:32.5.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.757 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Security\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\Security\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\documents and settings\All Users\Application Data\hgTGm6Gd.dat"

"c:\windows\Fonts\mO8P6.com"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\hgTGm6Gd.dat

c:\program files\QuickTime

c:\program files\QuickTime\Plugins\nsIQTScriptablePlugin.xpt

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\program files\QuickTime\qttask .exe

c:\windows\Fonts\mO8P6.com

.

--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\rundll32.exe --> c:\windows\system32\rundll32.exe

.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))

.

2010-10-07 12:55 . 2010-10-07 12:55 -------- d-----w- c:\program files\VS Revo Group

2010-10-04 18:10 . 2010-10-04 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-09-29 23:37 . 2010-09-29 23:37 -------- d-----w- c:\program files\Trend Micro

2010-09-29 23:31 . 2010-09-29 23:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-09-29 23:07 . 2010-09-29 23:07 -------- d-----w- c:\program files\CCleaner

2010-09-28 21:17 . 2010-09-28 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 20:19 . 2010-09-29 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-28 19:37 . 2010-09-28 19:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-28 16:06 . 2010-10-06 12:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-23 20:10 . 2010-09-23 22:24 -------- d-----w- c:\documents and settings\Owner\workspace

2010-09-15 13:27 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-09-15 13:27 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-09-15 13:27 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-09-15 13:27 . 2010-09-15 13:28 -------- d-----w- c:\windows\system32\ZoneLabs

2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- c:\program files\Zone Labs

2010-09-15 13:01 . 2010-09-15 13:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-sse.dll

2010-09-15 13:01 . 2010-09-15 13:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcp71.dll

2010-09-15 13:01 . 2010-09-15 13:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\jmc.dll

2010-09-15 13:01 . 2010-09-15 13:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e5a0246-n\msvcr71.dll

2010-09-15 13:01 . 2010-09-15 13:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5bc64b00-n\decora-d3d.dll

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0

2010-09-12 15:32 . 2010-09-12 15:32 -------- d-----w- c:\documents and settings\Owner\.thumbnails

2010-09-09 20:20 . 2010-09-09 20:20 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 20:20 . 2010-09-09 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-09-09 19:12 . 2010-09-09 19:12 -------- d-----w- c:\program files\JRE

2010-09-09 19:11 . 2010-09-09 19:12 -------- d-----w- c:\program files\OpenOffice.org 3

2010-09-09 19:11 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-09 15:50 . 2010-09-12 15:36 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6

2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\GIMP-2.0

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\program files\Paint.NET

2010-09-09 14:29 . 2010-09-09 15:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 13:08 . 2005-11-23 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime

2010-09-29 14:09 . 2009-12-29 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-28 14:02 . 2010-09-28 14:01 1595492 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-26 14:26 . 2006-01-27 15:00 222296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-21 14:00 . 2005-11-23 01:08 -------- d-----w- c:\program files\Google

2010-09-15 13:28 . 2008-06-17 17:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 13:04 . 2005-11-23 01:10 -------- d-----w- c:\program files\Java

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\Common Files\IKE Software

2010-09-08 12:00 . 2010-09-08 12:00 -------- d-----w- c:\program files\IKE Software

2010-08-24 21:07 . 2010-08-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-02 21:04 . 2010-08-02 21:03 21706717 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_08_02_14_28_05_full.dmp.zip

2010-07-22 15:49 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-11-04 18:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-10-01_18.37.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk

backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

2010-07-11 15:19 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2002-08-12 16:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-09-18 16:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-09-18 16:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2002-08-12 15:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-26 23:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2008 11:12 AM 335240]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2008 11:11 AM 297752]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 7:52 AM 136176]

S2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/18/2007 3:46 PM 53307]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [12/5/2007 11:18 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [12/5/2007 11:18 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [12/5/2007 11:18 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [12/5/2007 11:18 AM 60416]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 11:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netpv.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: fastestdeploy.com

Trusted Zone: fastestdeploy.com

TCP: {3DE59C59-FDC2-4F37-B00C-58CB922765A3} = 192.168.1.1

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fm8vhal9.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-cdloader - c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe

MSConfigStartUp-CleanUp - c:\progra~1\McAfee.com\Shared\mcappins.exe

MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe

MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe

MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

MSConfigStartUp-MSKAGENTEXE - c:\progra~1\mcafee\SPAMKI~1\mskagent.exe

MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe

MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe

MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-10-08 09:39:46

ComboFix-quarantined-files.txt 2010-10-08 13:39

ComboFix2.txt 2010-10-06 14:41

ComboFix3.txt 2010-10-03 13:59

ComboFix4.txt 2010-10-01 18:40

Pre-Run: 35,344,752,640 bytes free

Post-Run: 35,325,550,592 bytes free

- - End Of File - - A40A93F7D45CEBA3A0CB4B443536C512


Mel_3:

It looks like we are making progress - is your PC running better now? Please run another Kaspersky scan for me now:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • Kaspersky log
  • How is the computer running now?


RPMcM, I ran Kaspersky again as you asked and the report is below.

I'm doing all this in Safe mode on my XP Pro PC as I don't want to boot in normal mode until it looks safe to do so.

Kaspersky still reports issues. Hopefully we can address those.

You have done a terrific job RMPcM ! Thanks so much!!!

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, October 9, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, October 09, 2010 08:16:29

Records in database: 4230446

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 93499

Threats found: 7

Infected objects found: 62

Suspicious objects found: 0

Scan duration: 03:30:12

File name / Threat / Threats count

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\Documents from Prior Use\My Downloads\VNC\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\IndexSearch.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\pptd40nt.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\PROGRA~1\AVG\AVG8\avgtray.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\mO8P6.com.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\[4]-Submit_2010-10-02_11.00.13.zip Infected: Trojan-Downloader.Win32.Mufanom.airf 1

C:\Qoobox\Quarantine\[4]-Submit_2010-10-06_10.33.51.zip Infected: Trojan.Win32.Powp.gen 4

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1003\A0081936.dll Infected: Trojan-PSW.Win32.Agent.uhe 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083334.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083335.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083336.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083337.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083338.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083340.com Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083783.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083785.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083786.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083787.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083788.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083789.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083790.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083793.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083794.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083796.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084007.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084008.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084009.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084010.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084011.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084012.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084013.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084014.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084020.com Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084495.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084717.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084723.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084724.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084725.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084726.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084727.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084728.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084729.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084730.com Infected: Trojan.Win32.Powp.gen 1

Selected area has been scanned.


Mel_3:

That log looks good! Please reboot into the normal mode. Run this scan then let me know if it's still running well in the normal mode:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • MBAM log
  • How is the computer running in the normal mode?


I'm still running in safe mode. Kaspersky still reports issues so I'm reluctant to boot into normal mode.

Sincere thanks for your help. Report below. What next?

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, October 9, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, October 09, 2010 08:16:29

Records in database: 4230446

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 93499

Threats found: 7

Infected objects found: 62

Suspicious objects found: 0

Scan duration: 03:30:12

File name / Threat / Threats count

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Documents and Settings\Owner\My Documents\Downloads\irc\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\Documents from Prior Use\My Downloads\VNC\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\IndexSearch.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\Scansoft\PaperPort\pptd40nt.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\PROGRA~1\AVG\AVG8\avgtray.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\mO8P6.com.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\[4]-Submit_2010-10-02_11.00.13.zip Infected: Trojan-Downloader.Win32.Mufanom.airf 1

C:\Qoobox\Quarantine\[4]-Submit_2010-10-06_10.33.51.zip Infected: Trojan.Win32.Powp.gen 4

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1003\A0081936.dll Infected: Trojan-PSW.Win32.Agent.uhe 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083334.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083335.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083336.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083337.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083338.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1005\A0083340.com Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083783.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083785.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083786.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083787.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083788.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083789.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083790.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083793.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083794.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0083796.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084007.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084008.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084009.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084010.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084011.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084012.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084013.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084014.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1006\A0084020.com Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084495.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084717.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084723.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084724.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084725.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084726.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084727.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084728.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084729.exe Infected: Trojan.Win32.Powp.gen 1

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1008\A0084730.com Infected: Trojan.Win32.Powp.gen 1

Selected area has been scanned.
