  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post only DDS.txt directly into your reply.


Thanks for responding. My computer seems to have calmed down. I can post here fine and the popups have subsided. Below you will see the new mbam and dds. Maybe it's clear, or hiding to jump out at me again.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6559

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

5/12/2011 12:37:41 AM

mbam-log-2011-05-12 (00-37-41).txt

Scan type: Quick scan

Objects scanned: 163257

Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----------------------------------

DDS (Ver_11-03-05.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.2.6

Adobe Shockwave Player 11

Adobe


ComboFix 11-05-12.02 - Compaq_Owner 05/13/2011 2:09.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1653 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

C:\data

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\invokesi.exe

c:\documents and settings\Compaq_Owner\Application Data\Adobe\plugs

c:\documents and settings\Compaq_Owner\Application Data\Adobe\shed

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{6A0E728B-BE60-4345-8934-960D9034B8AB}

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{6A0E728B-BE60-4345-8934-960D9034B8AB}\chrome.manifest

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{6A0E728B-BE60-4345-8934-960D9034B8AB}\chrome\content\_cfg.js

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{6A0E728B-BE60-4345-8934-960D9034B8AB}\chrome\content\overlay.xul

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{6A0E728B-BE60-4345-8934-960D9034B8AB}\install.rdf

c:\documents and settings\Compaq_Owner\WINDOWS

c:\documents and settings\Default User\WINDOWS

C:\install.exe

C:\test.txt

c:\windows\jestertb.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\eeeeddcd5_z.dll

c:\windows\system32\usp10(2).dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))

.

.

2011-05-11 04:17 . 2011-05-11 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-11 04:17 . 2011-05-11 04:17 -------- d-----w- c:\program files\IObit

2011-05-05 06:23 . 2011-05-05 06:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot

2011-05-05 06:04 . 2011-05-05 06:04 0 ----a-w- c:\windows\Isodihi.bin

2011-05-04 10:54 . 2011-05-04 10:54 -------- d-----w- c:\program files\ESET

2011-05-03 07:10 . 2011-05-04 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\bN31001MpJlM31001

2011-04-29 18:00 . 2011-04-29 18:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OnLive App

2011-04-29 17:59 . 2011-04-29 18:00 -------- d-----w- c:\program files\OnLive

2011-04-28 20:12 . 2011-04-28 20:12 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-04-28 20:12 . 2011-04-28 20:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-04-27 07:15 . 2011-04-28 20:12 -------- d-----w- c:\program files\NVIDIA Corporation

2011-04-27 07:05 . 2011-04-27 07:05 -------- d-----w- c:\program files\Common Files\DirectX

2011-04-26 18:36 . 2002-07-24 19:00 87552 ----a-w- c:\windows\system32\CNMLM3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 5632 ----a-w- c:\windows\system32\CNMVS3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 46080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 13824 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD3g.DLL

2011-04-26 18:36 . 2002-07-30 07:59 73728 ----a-w- c:\windows\system32\CNMCP3g.exe

2011-04-26 18:35 . 2011-04-26 18:35 -------- d-----w- C:\BJPrinter

2011-04-15 05:55 . 2011-04-15 05:55 -------- d-----w- c:\program files\Network Stumbler

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-06 09:09 . 2007-08-24 21:21 221188 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp

2011-02-23 13:27 . 2011-02-23 13:27 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-02-23 13:27 . 2011-02-23 13:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-02-23 13:27 . 2011-02-23 13:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-02-23 13:27 . 2011-02-23 13:27 6398720 ----a-w- c:\windows\system32\nv4_disp.dll

2011-02-23 13:27 . 2011-02-23 13:27 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-02-23 13:27 . 2011-02-23 13:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-02-23 13:27 . 2011-02-23 13:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-02-23 13:27 . 2011-02-23 13:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-02-23 13:27 . 2011-02-23 13:27 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-02-23 13:27 . 2011-02-23 13:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-02-23 13:27 . 2011-02-23 13:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

<pre>
c:\windows\pchealth\helpctr\binaries\MSConfig .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk

backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 18:47 57344 -c--a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-09-11 02:26 368706 -c--a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickPotatoLiteSA]

c:\program files\ClickPotatoLite\bin\10.0.630.0\ClickPotatoLiteSA.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]

c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-05-20 07:36 136176 ----atw- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-02-25 22:34 245760 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nyusuka]

c:\windows\mpidmtl.dll [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

2009-11-06 20:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-02-11 05:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-08-25 01:38 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"Bonjour Service"=2 (0x2)

"wuauserv"=2 (0x2)

"EPSON_PM_RPCV4_01"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"StarWindServiceAE"=2 (0x2)

"gupdatem"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57548:TCP"= 57548:TCP:Pando Media Booster

"57548:UDP"= 57548:UDP:Pando Media Booster

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [10/2/2008 4:15 AM 29808]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/19/2009 6:11 PM 66048]

S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/24/2008 7:50 PM 1201640]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:36 AM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:36 AM 136176]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2010 6:43 PM 436792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 07:36]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 07:36]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126290385-151678670-597227250-1009Core.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 07:36]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126290385-151678670-597227250-1009UA.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 07:36]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L337D6132053D4EAC8D7AD6D23D04E5D1.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L337D6132053D4EAC8D7AD6D23D04E5D1.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L4AFAFCC97AF342B6B74B8A4AE0EE3AAC.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L4AFAFCC97AF342B6B74B8A4AE0EE3AAC.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LC2C770A95D3D4602B7ABFF8B20BE4169.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LC2C770A95D3D4602B7ABFF8B20BE4169.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LCDFDF60A509D4BD0B3D09F3D2769A1C8.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LCDFDF60A509D4BD0B3D09F3D2769A1C8.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\mj9f8cit.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-13 02:15

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,1a,6b,32,57,90,f6,46,ac,50,59,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,1a,6b,32,57,90,f6,46,ac,50,59,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-05-13 02:17:27

ComboFix-quarantined-files.txt 2011-05-13 07:17

.

Pre-Run: 113,262,927,872 bytes free

Post-Run: 113,510,576,128 bytes free

.

- - End Of File - - 5E4785BCA017043B1D9170391AA612CA

DDS (Ver_11-03-05.01) - NTFSx86

Run by Compaq_Owner at 2:20:47.50 on Fri 05/13/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1472 [GMT -5:00]

.

AV: Trend Micro PC-cillin Internet Security 2007 *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro PC-cillin Internet Security (Firewall) *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273556260484

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\mj9f8cit.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-10-2 29808]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-19 66048]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-7-16 816672]

S2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-10-24 1201640]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

.

=============== Created Last 30 ================

.

2011-05-13 07:08:00 89088 ----a-w- c:\windows\MBR.exe

2011-05-13 07:07:59 98816 ----a-w- c:\windows\sed.exe

2011-05-13 07:07:59 256512 ----a-w- c:\windows\PEV.exe

2011-05-13 07:07:59 161792 ----a-w- c:\windows\SWREG.exe

2011-05-11 04:17:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-05-11 04:17:40 -------- d-----w- c:\program files\IObit

2011-05-07 08:28:16 -------- d-----w- c:\docume~1\compaq~1\applic~1\7F55E3C950783B2656A4A0A8CF522A3C

2011-05-05 06:04:02 0 ----a-w- c:\windows\Isodihi.bin

2011-05-04 10:54:16 -------- d-----w- c:\program files\ESET

2011-05-03 07:10:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\bN31001MpJlM31001

2011-04-29 18:00:07 -------- d-----w- c:\docume~1\compaq~1\applic~1\OnLive App

2011-04-29 17:59:48 -------- d-----w- c:\program files\OnLive

2011-04-28 20:12:23 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-04-28 20:12:23 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-04-27 07:15:22 -------- d-----w- c:\program files\NVIDIA Corporation

2011-04-27 07:05:42 -------- d-----w- c:\program files\common files\DirectX

2011-04-26 18:36:44 87552 ----a-w- c:\windows\system32\CNMLM3g.DLL

2011-04-26 18:36:44 5632 ----a-w- c:\windows\system32\CNMVS3g.DLL

2011-04-26 18:36:44 46080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP3g.DLL

2011-04-26 18:36:44 13824 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD3g.DLL

2011-04-26 18:36:41 73728 ----a-w- c:\windows\system32\CNMCP3g.exe

2011-04-26 18:35:51 -------- d-----w- C:\BJPrinter

2011-04-15 05:55:25 -------- d-----w- c:\program files\Network Stumbler

.

==================== Find3M ====================

.

2011-05-06 09:09:11 221188 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp

2011-03-02 23:08:31 0 ----a-w- c:\windows\ativpsrm.bin

2011-02-23 13:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-02-23 13:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-02-23 13:27:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll

2011-02-23 13:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-02-23 13:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-02-23 13:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-02-23 13:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin

2011-02-23 13:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-02-23 13:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-02-23 13:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-02-23 13:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

.

============= FINISH: 2:21:00.10 ===============


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Don't use any text editor other than Notepad, or the script will fail.

Copy/paste the text in the box below into Notepad:

RenV::
c:\windows\pchealth\helpctr\binaries\MSConfig .exe
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply, together with a new DDS log.

-screen317


Be as brutal as you need to. There is nothing on here I absolutely need.

ComboFix 11-05-15.04 - Compaq_Owner 05/16/2011 2:16.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1672 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt

AV: Trend Micro PC-cillin Internet Security 2007 *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro PC-cillin Internet Security (Firewall) *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))

.

.

2011-05-14 10:57 . 2011-05-14 10:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\_UVerseRealtime

2011-05-14 10:47 . 2011-05-14 10:47 -------- d-----w- c:\program files\WinPcap

2011-05-14 10:47 . 2011-05-14 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\U-Verse Realtime

2011-05-14 10:47 . 2011-05-14 10:47 -------- d-----w- c:\program files\U-Verse Realtime

2011-05-14 06:35 . 2011-05-14 06:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MetaGeek,_LLC

2011-05-14 06:25 . 2011-05-14 06:25 -------- d-----w- c:\program files\MetaGeek

2011-05-11 04:17 . 2011-05-11 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-11 04:17 . 2011-05-11 04:17 -------- d-----w- c:\program files\IObit

2011-05-05 06:23 . 2011-05-05 06:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot

2011-05-05 06:04 . 2011-05-05 06:04 0 ----a-w- c:\windows\Isodihi.bin

2011-05-04 10:54 . 2011-05-04 10:54 -------- d-----w- c:\program files\ESET

2011-05-03 07:10 . 2011-05-04 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\bN31001MpJlM31001

2011-04-29 18:00 . 2011-04-29 18:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OnLive App

2011-04-29 17:59 . 2011-04-29 18:00 -------- d-----w- c:\program files\OnLive

2011-04-28 20:12 . 2011-04-28 20:12 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-04-28 20:12 . 2011-04-28 20:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-04-27 07:15 . 2011-04-28 20:12 -------- d-----w- c:\program files\NVIDIA Corporation

2011-04-27 07:05 . 2011-04-27 07:05 -------- d-----w- c:\program files\Common Files\DirectX

2011-04-26 18:36 . 2002-07-24 19:00 87552 ----a-w- c:\windows\system32\CNMLM3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 5632 ----a-w- c:\windows\system32\CNMVS3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 46080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP3g.DLL

2011-04-26 18:36 . 2002-07-24 19:00 13824 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD3g.DLL

2011-04-26 18:36 . 2002-07-30 07:59 73728 ----a-w- c:\windows\system32\CNMCP3g.exe

2011-04-26 18:35 . 2011-04-26 18:35 -------- d-----w- C:\BJPrinter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-06 09:09 . 2007-08-24 21:21 221188 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp

2011-02-23 13:27 . 2011-02-23 13:27 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-02-23 13:27 . 2011-02-23 13:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-02-23 13:27 . 2011-02-23 13:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-02-23 13:27 . 2011-02-23 13:27 6398720 ----a-w- c:\windows\system32\nv4_disp.dll

2011-02-23 13:27 . 2011-02-23 13:27 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-02-23 13:27 . 2011-02-23 13:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-02-23 13:27 . 2011-02-23 13:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-02-23 13:27 . 2011-02-23 13:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-02-23 13:27 . 2011-02-23 13:27 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-02-23 13:27 . 2011-02-23 13:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-02-23 13:27 . 2011-02-23 13:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk

backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 18:47 57344 -c--a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

2002-09-11 02:26 368706 -c--a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-05-20 07:36 136176 ----atw- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-02-25 22:34 245760 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

2009-11-06 20:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-02-11 05:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-08-25 01:38 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"Bonjour Service"=2 (0x2)

"wuauserv"=2 (0x2)

"EPSON_PM_RPCV4_01"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"StarWindServiceAE"=2 (0x2)

"gupdatem"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57548:TCP"= 57548:TCP:Pando Media Booster

"57548:UDP"= 57548:UDP:Pando Media Booster

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [10/2/2008 4:15 AM 29808]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/19/2009 6:11 PM 66048]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/24/2008 7:50 PM 1201640]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:36 AM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:36 AM 136176]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2010 6:43 PM 436792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 07:36]

.

2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 07:36]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126290385-151678670-597227250-1009Core.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 07:36]

.

2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126290385-151678670-597227250-1009UA.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 07:36]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L4AFAFCC97AF342B6B74B8A4AE0EE3AAC.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_L4AFAFCC97AF342B6B74B8A4AE0EE3AAC.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LC2C770A95D3D4602B7ABFF8B20BE4169.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

2011-05-02 c:\windows\Tasks\wrSpySweeper_LC2C770A95D3D4602B7ABFF8B20BE4169.job

- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-08-27 20:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\mj9f8cit.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.630.0\ClickPotatoLiteSA.exe

MSConfigStartUp-EPSON Stylus CX5000 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE

MSConfigStartUp-Nyusuka - c:\windows\mpidmtl.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-16 02:23

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,1a,6b,32,57,90,f6,46,ac,50,59,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,1a,6b,32,57,90,f6,46,ac,50,59,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2860)

c:\windows\system32\WININET.dll

c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Webroot\Spy Sweeper\SpySweeper.exe

c:\windows\system32\wscntfy.exe

c:\program files\Webroot\Spy Sweeper\SSU.EXE

.

**************************************************************************

.

Completion time: 2011-05-16 02:27:33 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-16 07:27

ComboFix2.txt 2011-05-13 07:17

.

Pre-Run: 112,671,821,824 bytes free

Post-Run: 112,727,060,480 bytes free

.

- - End Of File - - A42EF4B04BB21338DF3EEC16F2A5DCFA

DDS (Ver_11-03-05.01) - NTFSx86

Run by Compaq_Owner at 2:32:48.25 on Mon 05/16/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1606 [GMT -5:00]

.

AV: Trend Micro PC-cillin Internet Security 2007 *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro PC-cillin Internet Security (Firewall) *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273556260484

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\mj9f8cit.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-10-2 29808]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-19 66048]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-10-24 1201640]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-7-16 816672]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

.

=============== Created Last 30 ================

.

2011-05-14 10:57:24 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\_UVerseRealtime

2011-05-14 10:47:14 -------- d-----w- c:\program files\U-Verse Realtime

2011-05-14 06:35:32 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\MetaGeek,_LLC

2011-05-13 07:08:00 89088 ----a-w- c:\windows\MBR.exe

2011-05-13 07:07:59 98816 ----a-w- c:\windows\sed.exe

2011-05-13 07:07:59 256512 ----a-w- c:\windows\PEV.exe

2011-05-13 07:07:59 161792 ----a-w- c:\windows\SWREG.exe

2011-05-11 04:17:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-05-11 04:17:40 -------- d-----w- c:\program files\IObit

2011-05-07 08:28:16 -------- d-----w- c:\docume~1\compaq~1\applic~1\7F55E3C950783B2656A4A0A8CF522A3C

2011-05-05 06:04:02 0 ----a-w- c:\windows\Isodihi.bin

2011-05-04 10:54:16 -------- d-----w- c:\program files\ESET

2011-05-03 07:10:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\bN31001MpJlM31001

2011-04-29 18:00:07 -------- d-----w- c:\docume~1\compaq~1\applic~1\OnLive App

2011-04-29 17:59:48 -------- d-----w- c:\program files\OnLive

2011-04-28 20:12:23 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-04-28 20:12:23 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-04-27 07:15:22 -------- d-----w- c:\program files\NVIDIA Corporation

2011-04-27 07:05:42 -------- d-----w- c:\program files\common files\DirectX

2011-04-26 18:36:44 87552 ----a-w- c:\windows\system32\CNMLM3g.DLL

2011-04-26 18:36:44 5632 ----a-w- c:\windows\system32\CNMVS3g.DLL

2011-04-26 18:36:44 46080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP3g.DLL

2011-04-26 18:36:44 13824 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD3g.DLL

2011-04-26 18:36:41 73728 ----a-w- c:\windows\system32\CNMCP3g.exe

2011-04-26 18:35:51 -------- d-----w- C:\BJPrinter

.

==================== Find3M ====================

.

2011-05-06 09:09:11 221188 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp

2011-03-02 23:08:31 0 ----a-w- c:\windows\ativpsrm.bin

2011-02-23 13:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-02-23 13:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-02-23 13:27:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll

2011-02-23 13:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-02-23 13:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-02-23 13:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-02-23 13:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin

2011-02-23 13:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-02-23 13:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-02-23 13:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-02-23 13:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

.

============= FINISH: 2:33:02.07 ===============


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
SjyPkt

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

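The service and driver lines in the ComboFix and DDS logs above follow one layout, `<R|S><digit> name;display name;image path [date size]`, read here as R for running, S for stopped and the digit as the Windows service start type; both tools end an entry whose image file is not on disk with `--> path [?]`, and the SjyPkt entry the staff reply removes with `Driver::` is one of those. The helper below is an added example, not part of this thread and not the staff member's tooling: it parses such lines (the sample input is constructed by copying lines from the logs above), lists every entry with a missing image, and renders the `Driver::` section in the CFScript syntax the reply uses.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: service/driver lines in the format ComboFix and
# DDS print in the logs above. Both tools write
#     <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# and, when the image file is not on disk, end the line with
#     <image path> --> <image path> [?]
SAMPLE_LINES: List[str] = [
    r"R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [10/2/2008 4:15 AM 29808]",
    r"R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/24/2008 7:50 PM 1201640]",
    r"S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]",
    r"S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]",
    r"S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:36 AM 136176]",
    r"R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-7-16 816672]",
]

# R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# "<path> [<date> <size>]" when the file was found on disk
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[(?P<meta>[^\]]+)\]$")
# "<path> --> <path> [?]" when the scanner could not find the file
MISSING_RE = re.compile(r"^(?P<path>.+?) --> (?P<resolved>.+?) \[\?\]$")


def _clean_path(path: str) -> str:
    """Drop the NT object-manager prefix (\\??\\) some driver entries carry."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one service/driver line; return None for any other kind of line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry: Dict[str, object] = {
        "running": m["state"] == "R",
        "start_type": START_TYPES[m["start"]],
        "name": m["name"],
        "display": m["display"],
        "missing": False,
        "size": None,
    }
    rest = m["rest"]
    gone = MISSING_RE.match(rest)  # check this first: "[?]" also matches PRESENT_RE
    if gone:
        entry["image"] = _clean_path(gone["path"])
        entry["missing"] = True
        return entry
    present = PRESENT_RE.match(rest)
    if not present:
        return None
    entry["image"] = _clean_path(present["path"])
    # the bracketed metadata ends with the file size in bytes in both tools
    entry["size"] = int(present["meta"].split()[-1])
    return entry


def find_missing_image(lines: List[str]) -> List[str]:
    """Names of services/drivers whose image file the scanner could not find."""
    found: List[str] = []
    for line in lines:
        entry = parse_service_line(line)
        if entry and entry["missing"]:
            found.append(str(entry["name"]))
    return found


def cfscript_driver_section(names: List[str]) -> str:
    """Render a 'Driver::' section in the CFScript syntax used in this thread."""
    return "Driver::\n" + "\n".join(names)


if __name__ == "__main__":
    orphans = find_missing_image(SAMPLE_LINES)
    for name in orphans:
        print(f"image missing: {name}")
    print(cfscript_driver_section(orphans))
```

On the sample above the helper flags both SjyPkt and RTLWUSB, because a leftover entry for an uninstalled NETGEAR adapter has a missing image just as the suspicious one does; the output is a review list for the person reading the log, and the staff reply chose to script only SjyPkt.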
