
Post Windows XP Recovery Virus



Last week, I removed the Windows XP Recovery virus from my computer. After getting rid of it, I realized that I still had various things missing from my Start -> All Programs list. Also, the Bluetooth antenna and functions no longer work. Here is the DDS log from my machine, and I've attached the attach.txt from DDS and ark.txt from GMER. I also ran a full MBAM scan last night, and all it caught was a Malware.Packer.GenX. I still have that log if you would like to see it too.

Thanks in advance

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Jeff at 8:31:20 on 2011-06-03

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1430 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPSIsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [gStart] c:\garmin\gStart.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: myspace.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184345771921

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\m5w5augp.default\

FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-29 99896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-10 366640]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22712]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\mpksl00946ab2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\MpKsl00946ab2.sys [?]

S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\mpksle4b92584.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\MpKsle4b92584.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 135664]

S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-10 39984]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-06-02 18:10:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 18:08:06 -------- d-----r- c:\program files\Skype

2011-06-02 17:48:14 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Secunia PSI

2011-06-02 17:47:59 -------- d-----w- c:\program files\Secunia

2011-06-02 17:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-02 17:43:37 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\mpengine.dll

2011-05-29 00:03:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN1A.tmp

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN19.tmp

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN18.tmp

2011-05-26 21:21:09 967 ----a-w- c:\windows\ScUnin.pif

2011-05-26 21:21:09 94208 ----a-w- c:\windows\ScUnin.exe

2011-05-26 21:20:30 -------- d-----w- c:\program files\Starcraft

2011-05-20 17:13:51 -------- d-----w- c:\program files\iPod

2011-05-20 17:13:47 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 8:32:45.70 ===============

ark.zip

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


OK, the MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6804

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/7/2011 5:08:47 PM

mbam-log-2011-06-07 (17-08-47).txt

Scan type: Quick scan

Objects scanned: 173030

Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The ComboFix log:

ComboFix 11-06-06.07 - Jeff 06/07/2011 17:29:28.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1204 [GMT -5:00]

Running from: g:\virus protection\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jeff\Application Data\inst.exe

c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery

c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk

c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk

c:\documents and settings\Jeff\WINDOWS

c:\program files\rnamfler

c:\program files\rnamfler\naomf.exe

c:\program files\rnamfler\radprlib.dll

c:\program files\rnamfler\stream.rep

.

c:\windows\system32\grpconv.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))

.

.

2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe

2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe

2011-06-07 19:05 . 2011-06-07 19:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys

2011-06-07 19:04 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\mpengine.dll

2011-06-02 18:10 . 2011-06-02 18:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\program files\Common Files\Skype

2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----r- c:\program files\Skype

2011-06-02 17:48 . 2011-06-02 17:48 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Secunia PSI

2011-06-02 17:47 . 2011-06-02 17:47 -------- d-----w- c:\program files\Secunia

2011-06-02 17:46 . 2011-06-02 17:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-29 00:03 . 2011-06-02 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN1A.tmp

2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN19.tmp

2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN18.tmp

2011-05-28 23:20 . 2011-05-28 23:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-05-28 23:06 . 2011-05-28 23:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-05-28 23:01 . 2011-05-28 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-05-28 00:53 . 2011-05-28 00:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-28 00:52 . 2011-05-28 00:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-05-26 21:21 . 2011-05-26 21:23 967 ----a-w- c:\windows\ScUnin.pif

2011-05-26 21:21 . 2011-05-26 21:23 94208 ----a-w- c:\windows\ScUnin.exe

2011-05-26 21:20 . 2011-05-26 21:30 -------- d-----w- c:\program files\Starcraft

2011-05-20 17:13 . 2011-05-20 17:13 -------- d-----w- c:\program files\iPod

2011-05-20 17:13 . 2011-05-20 17:34 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2009-01-10 15:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2009-01-10 15:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-09 20:46 . 2010-11-23 20:42 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-30 15:17 . 2011-03-28 12:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]

"nwiz"="nwiz.exe" [2006-03-21 1519616]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]

"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-6-28 2056266]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-7 24576]

Monitor.lnk - c:\program files\Philips Webcam\Monitor.exe [2007-10-16 249856]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

WinZip Quick Pick.lnk - c:\winzip\WZQKPICK.EXE [2007-10-7 118784]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port

"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port

"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port

.

R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys [6/7/2011 2:05 PM 28752]

R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys [?]

R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys [?]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [10/29/2010 3:30 PM 99896]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2009 10:40 AM 366640]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 10:14 AM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 10:40 AM 22712]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys [?]

S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2011 6:01 PM 135664]

S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2/19/2008 11:48 AM 2333568]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL5993CA76

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00]

.

2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00]

.

2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.att.net/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: myspace.com\www

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\m5w5augp.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

AddRemove-Atari800Win PLus - c:\program files\Atari800WinPLus\Uninstall.exe

AddRemove-Audacity 1.3 Beta (Unicode)_is1 - e:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe

AddRemove-AviSynth - e:\program files\AviSynth 2.5\Uninstall.exe

AddRemove-AVStoDVD - e:\program files\AVStoDVD\uninst.exe

AddRemove-DarkBASIC - c:\program files\Dark Basic Software\Dark Basic\Uninstal.exe

AddRemove-HaaliMkx - e:\program files\Haali\MatroskaSplitter\uninstall.exe

AddRemove-{40C03514-89C3-41BA-0090-3B440256DB87} - e:\ea games\The Sims 2\EAUninstall.exe

AddRemove-{4817189D-1785-4627-A33C-39FD90919300} - e:\ea games\The Sims 2 Pets\EAUninstall.exe

AddRemove-{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} - e:\ea games\The Sims 2 Open For Business\EAUninstall.exe

AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - e:\ea games\The Sims 2 University\EAUninstall.exe

AddRemove-{962E05CF-3394-496D-0091-850CF1762F6B} - e:\program files\EA GAMES\The Battle for Middle-earth\EAUninstall.exe

AddRemove-{B6F5B704-06D3-4687-90F3-6195304AD755} - e:\ea games\The Sims 2 Apartment Life\EAUninstall.exe

AddRemove-{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06} - e:\ea games\The Sims 2 Seasons\EAUninstall.exe

AddRemove-{F248ADFA-64E0-4b03-8A83-059078BED6A0} - e:\ea games\The Sims 2 Bon Voyage\EAUninstall.exe

AddRemove-{F7529650-B9DB-481B-0089-A2AC3C2821C1} - e:\ea games\The Sims 2 Nightlife\EAUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-07 17:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c1,43,da,0e,c4,6a,a4,e4,50,6d,a4,b8,56,88,0a,4a,e0,26,e4,73,b4,a0,e1,

9b,fd,b1,83,99,fa,e0,00,c3,cf,2d,d9,a6,7d,ad,70,fd,0d,0d,2c,2b,5e,51,bc,1a,\

"??"=hex:40,c1,e5,32,14,41,af,33,2c,e2,50,05,d4,d1,0e,68

.

[HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\License information*]

"datasecu"=hex:0f,d7,e8,fc,98,5d,c2,06,f1,64,8a,6d,be,74,38,d8,b9,be,83,90,47,

28,8b,aa,05,35,0b,5f,ec,d3,d0,04,26,af,5b,68,5a,f9,e1,2e,19,a8,df,d6,aa,49,\

"rkeysecu"=hex:fe,91,be,78,bd,01,a6,56,9c,3b,b6,2e,38,38,92,64

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(504)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-06-07 17:39:15

ComboFix-quarantined-files.txt 2011-06-07 22:39

.

Pre-Run: 66,323,107,840 bytes free

Post-Run: 66,593,001,472 bytes free

.

- - End Of File - - 9300CE03136393F3342D9EEC7A140572

The DDS log (and I've attached the attach.txt):

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Jeff at 17:42:33 on 2011-06-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1250 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\HPSIsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [gStart] c:\garmin\gStart.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\philips webcam\Monitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: myspace.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184345771921

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E8EAE12D-1544-43BD-B886-07593DA25934} : DhcpNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\m5w5augp.default\

FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys [2011-6-7 28752]

R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\mpksl658f1f4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\MpKsl658f1f4b.sys [?]

R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\mpksle3d8f251.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\MpKsle3d8f251.sys [?]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-29 99896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-10 366640]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22712]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\mpksl00946ab2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\MpKsl00946ab2.sys [?]

S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\mpksle4b92584.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\MpKsle4b92584.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 135664]

S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\grpconv.exe

2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe

2011-06-07 22:26:23 98816 ----a-w- c:\windows\sed.exe

2011-06-07 22:26:23 518144 ----a-w- c:\windows\SWREG.exe

2011-06-07 22:26:23 256512 ----a-w- c:\windows\PEV.exe

2011-06-07 22:26:23 208896 ----a-w- c:\windows\MBR.exe

2011-06-07 19:05:38 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys

2011-06-07 19:04:51 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\mpengine.dll

2011-06-02 18:10:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 18:08:06 -------- d-----r- c:\program files\Skype

2011-06-02 17:48:14 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Secunia PSI

2011-06-02 17:47:59 -------- d-----w- c:\program files\Secunia

2011-06-02 17:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-29 00:03:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN1A.tmp

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN19.tmp

2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN18.tmp

2011-05-26 21:21:09 967 ----a-w- c:\windows\ScUnin.pif

2011-05-26 21:21:09 94208 ----a-w- c:\windows\ScUnin.exe

2011-05-26 21:20:30 -------- d-----w- c:\program files\Starcraft

2011-05-20 17:13:51 -------- d-----w- c:\program files\iPod

2011-05-20 17:13:47 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 17:43:11.54 ===============

AttachLog 6-7-2011.txt

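The "Pseudo HJT Report" section of a DDS log, as posted above, is a flat list of autorun and browser-extension entries (uRun/mRun/dRun registry Run values, BHO/TB/EB CLSID entries, StartupFolder shortcuts, DPF download-control entries). When triaging such a log it helps to parse it into records and pull out the lines that usually deserve a second look: CLSID entries whose target is "No File" (orphaned registrations left behind by an uninstall or a cleanup), Run values that name a bare executable without a directory (resolved through the search path rather than a fixed location), and DPF entries that point at remote code. The parser below is an added example written for this page, not DDS's own code or anything from the thread; the sample log is constructed from the shapes of the lines in the posted report, and the hive mapping for the u/m/d prefixes (HKCU, HKLM, HKU\.DEFAULT) follows the usual DDS/HijackThis reading of those prefixes.

```python
import re

# Constructed sample modelled on the line shapes in the DDS log posted above
# (only a handful of entries, so the triage output is easy to follow).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
.
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.att.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [gStart] c:\garmin\gStart.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
.
================= FIREFOX ===================
"""

HEADER_RE = re.compile(r'^=+ (?P<name>.+?) =+$')
RUN_RE = re.compile(r'^(?P<scope>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
CLSID_RE = re.compile(
    r'^(?P<kind>BHO|TB|EB|DPF): (?:(?P<desc>.*?): )?'
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.*?) - (?P<target>.*)$')
# Assumed DDS prefix convention: u = current user, m = machine, d = default user.
SCOPES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}


def hjt_section(text):
    """Yield the non-empty lines between the Pseudo HJT header and the next header."""
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            in_section = header.group('name') == 'Pseudo HJT Report'
            continue
        if in_section and line and line != '.':
            yield line


def command_path(cmd):
    """Executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def parse_hjt(text):
    """Turn the report lines into dict records; unknown line types are skipped."""
    records = []
    for line in hjt_section(text):
        if (m := RUN_RE.match(line)):
            records.append({'kind': 'Run', 'hive': SCOPES[m['scope']],
                            'name': m['name'], 'path': command_path(m['cmd']),
                            'target': m['cmd']})
        elif (m := CLSID_RE.match(line)):
            records.append({'kind': m['kind'], 'name': m['desc'] or '',
                            'clsid': m['clsid'].lower(), 'path': m['target'],
                            'target': m['target']})
        elif (m := STARTUP_RE.match(line)):
            records.append({'kind': 'StartupFolder', 'name': m['lnk'],
                            'path': m['target'], 'target': m['target']})
    return records


def triage(records):
    """Group the records a reviewer usually checks first."""
    findings = {'orphaned': [], 'bare_filename': [], 'remote_code': []}
    for r in records:
        if r['target'] == 'No File':            # registration with no backing file
            findings['orphaned'].append(r)
        elif r['kind'] == 'Run' and '\\' not in r['path']:  # resolved via search path
            findings['bare_filename'].append(r)
        elif r['kind'] == 'DPF':                # ActiveX download target
            findings['remote_code'].append(r)
    return findings


if __name__ == '__main__':
    for group, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(group)
        for r in items:
            print('   ', r['kind'], r.get('name') or r.get('clsid'), '->', r['target'])
```

Run against a full DDS log the same three groups come out; the orphaned TB/EB entries here correspond to the two "No File" lines in the posted report, which is the kind of leftover that can be cleaned up but is not by itself evidence of an active infection.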

  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


After a restart, the bluetooth is now working, and it looks like all of the previously missing Start -> All Programs listings have also returned. So to my knowledge, the issues have been resolved.

The ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=1e3782676c6bf843a38eddb5bdee53b3

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-08 01:36:07

# local_time=2011-06-07 08:36:07 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 64568260 64568260 0 0

# compatibility_mode=5891 16776533 42 87 0 18594214 0 0

# compatibility_mode=6912 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=98714

# found=0

# cleaned=0

# scan_time=4035

And the security checkup log:

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 24

Java 6 Update 25

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader X (10.0.1)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

SecurityCheck.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

HijackThis 2.0.2

Java


Got all of that done. The only issue that seems to remain is that my IE8 keeps popping up a bar about running with add-ons disabled, and occasionally it will complain about Adobe Flash Player needing to be updated. The Flash Player shouldn't be a big deal to update, but my PC is refusing to download the update for some reason. Would this be a good time to just upgrade to IE9?

Thanks


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
