Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware


  • This topic is locked This topic is locked
19 replies to this topic

#1 Garryt

Garryt

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 10 February 2009 - 07:30 AM

Computer appears to be infected but not sure what by. Tried Malwarebites and Combofix but computer and Firefox especially still slow to respond or intermitently error message that connection is "interrrupted" (sorry do not have the exact wording just now as its working again). Avast and

Root repeal shows a aswSp.SYS which is highlighted red but cannot wipe file.

Please looking for help before I either become more infected or end up deleting/changing the wrong file and doing more damage myself.

Thanks for any help.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Garry Thomson at 22:15:53.23 on 10/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.35 [GMT 10:00]

AV: avast! antivirus 4.8.1335 [VPS 090209-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Garry Thomson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.cdrfaq.org/faq03.html#S3-5-1
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163433059734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
TCP: {BB238FEE-A105-4D4F-BCC6-CDFD3D4A3004} = 192.168.2.1,61.9.211.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garryt~1\applic~1\mozilla\firefox\profiles\lst019vp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {6AD5C200-4B0A-4A5A-8A62-77CB741018E1} - c:\documents and settings\garry thomson\local settings\application data\{6AD5C200-4B0A-4A5A-8A62-77CB741018E1}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-24 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-2-10 21512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-17 138680]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-2-10 4107832]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-13 13696]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 950096]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-13 13568]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-17 352920]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-2-23 12160]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-1 33752]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-2-23 7040]
S3 mbr;mbr;\??\c:\docume~1\garryt~1\locals~1\temp\mbr.sys --> c:\docume~1\garryt~1\locals~1\temp\mbr.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-2-9 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-2-9 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-2-9 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-2-9 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-2-9 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-2-9 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-2-9 115752]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2007-4-10 83080]
S3 sonydcam;Sony 1394 CCM-DS250 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [2004-8-4 25344]

=============== Created Last 30 ================

2009-02-10 21:29 21,512 a------- c:\windows\system32\drivers\pxscan.sys
2009-02-10 21:29 <DIR> --d----- c:\program files\Prevx
2009-02-10 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-02-10 20:44 345 a------- c:\windows\gmer.ini
2009-02-10 20:29 <DIR> a-dshr-- C:\cmdcons
2009-02-10 20:28 161,792 a------- c:\windows\SWREG.exe
2009-02-10 20:28 98,816 a------- c:\windows\sed.exe
2009-02-09 22:03 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-09 22:03 1,409 a------- c:\windows\QTFont.for
2009-02-09 21:14 <DIR> --d----- c:\program files\Avanquest update
2009-02-09 21:13 115,752 a------- c:\windows\system32\drivers\s0016unic.sys
2009-02-09 21:13 114,216 a------- c:\windows\system32\drivers\s0016mgmt.sys
2009-02-09 21:13 10,792 a------- c:\windows\system32\drivers\s0016cr.sys
2009-02-09 21:13 110,632 a------- c:\windows\system32\drivers\s0016obex.sys
2009-02-09 21:13 25,512 a------- c:\windows\system32\drivers\s0016nd5.sys
2009-02-09 21:13 120,744 a------- c:\windows\system32\drivers\s0016mdm.sys
2009-02-09 21:13 89,256 a------- c:\windows\system32\drivers\s0016bus.sys
2009-02-09 21:13 15,016 a------- c:\windows\system32\drivers\s0016mdfl.sys
2009-02-09 21:13 12,200 a------- c:\windows\system32\drivers\s0016whnt.sys
2009-02-09 21:13 12,200 a------- c:\windows\system32\drivers\s0016wh.sys
2009-02-09 21:13 12,200 a------- c:\windows\system32\drivers\s0016cmnt.sys
2009-02-09 21:13 12,200 a------- c:\windows\system32\drivers\s0016cm.sys
2009-02-09 21:13 <DIR> --d----- c:\program files\Sony Ericsson
2009-02-09 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-02-09 20:13 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-02-09 20:13 91,136 a------- c:\windows\system32\dllcache\kswdmcap.ax
2009-02-09 20:13 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-02-09 20:13 53,760 a------- c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-09 20:13 43,008 a------- c:\windows\system32\ksxbar.ax
2009-02-09 20:13 43,008 a------- c:\windows\system32\dllcache\ksxbar.ax
2009-02-09 20:13 61,952 a------- c:\windows\system32\kstvtune.ax
2009-02-09 20:13 61,952 a------- c:\windows\system32\dllcache\kstvtune.ax
2009-02-09 18:48 <DIR> --d----- c:\documents and settings\garry thomson\DoctorWeb
2009-02-09 18:30 <DIR> --d----- c:\program files\Trend Micro
2009-02-08 22:36 <DIR> --d----- c:\program files\Avira GmbH
2009-02-08 22:12 <DIR> --d----- c:\docume~1\garryt~1\applic~1\Malwarebytes
2009-02-08 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-08 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 22:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 22:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-05 23:39 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-24 22:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-24 22:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-17 13:53 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-16 17:48 2 a------- C:\-461267923

==================== Find3M ====================

2008-12-13 16:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 20:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-25 19:09 1,131,176 a------- c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2008-04-02 22:20 22,242,560 a------- c:\documents and settings\garry thomson\fm.exe
2007-11-03 11:27 334 a------- c:\docume~1\garryt~1\applic~1\wklnhst.dat
2006-11-22 04:07 251 a------- c:\program files\wt3d.ini
2007-06-28 20:52 168 ---shr-- c:\windows\system32\E76F570B5D.sys
2007-06-28 20:53 5,642 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-27 10:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 22:17:04.37 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 15 February 2009 - 07:20 AM

Hello Garryt and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbup2:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 15 February 2009 - 05:41 PM

Thanks for your reply and your help with this Thunder. The laptop seems to be running a bit smoother - I used a USB drive at the weekend and Avast picked up a virus from it so not sure if this has helped.

Goored Log -

GooredFix v1.91 by jpshortstuff
Log created at 08:09 on 16/02/2009 running Option #2 (Garry Thomson)
Firefox version 3.0.6 (en-GB)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{6AD5C200-4B0A-4A5A-8A62-77CB741018E1}"="C:\Documents and Settings\Garry Thomson\Local Settings\Application Data\{6AD5C200-4B0A-4A5A-8A62-77CB741018E1}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Garry Thomson\Local Settings\Application Data\{6AD5C200-4B0A-4A5A-8A62-77CB741018E1}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ECC38A28-D852-4427-8DFC-5884C227FB56}"="C:\Documents and Settings\Julie Shipman\Local Settings\Application Data\{ECC38A28-D852-4427-8DFC-5884C227FB56}" (Folder Missing)

Combofix -

ComboFix 09-02-15.01 - Garry Thomson 2009-02-16 8:16:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.142 [GMT 10:00]
Running from: c:\documents and settings\Garry Thomson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 11:45 . 2009-02-14 11:45 <DIR> d-------- c:\program files\LucasArts
2009-02-11 18:20 . 2009-02-11 18:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 18:19 . 2009-02-11 18:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-11 18:19 . 2009-02-11 18:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 18:19 . 2009-02-11 18:19 <DIR> d-------- c:\documents and settings\Garry Thomson\Application Data\SUPERAntiSpyware.com
2009-02-11 17:39 . 2009-02-11 17:39 1,374 --a------ c:\windows\imsins.BAK
2009-02-11 17:32 . 2009-02-11 17:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-10 21:29 . 2009-02-10 21:29 <DIR> d-------- c:\program files\Prevx
2009-02-10 21:29 . 2009-02-11 18:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-02-10 21:29 . 2009-02-10 21:29 21,512 --a------ c:\windows\system32\drivers\pxscan.sys
2009-02-10 20:44 . 2009-02-11 19:07 345 --a------ c:\windows\gmer.ini
2009-02-09 22:03 . 2009-02-13 10:48 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-09 22:03 . 2009-02-09 22:03 1,409 --a------ c:\windows\QTFont.for
2009-02-09 21:14 . 2009-02-09 21:59 <DIR> d-------- c:\program files\Avanquest update
2009-02-09 21:14 . 2009-02-09 21:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-09 21:13 . 2009-02-09 21:13 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-09 21:13 . 2009-02-09 21:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-02-09 21:13 . 2008-05-16 12:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2009-02-09 21:13 . 2008-05-16 12:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2009-02-09 21:13 . 2008-05-16 12:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2009-02-09 21:13 . 2008-05-16 12:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2009-02-09 21:13 . 2008-05-16 12:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2009-02-09 21:13 . 2008-05-16 12:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2009-02-09 21:13 . 2008-05-16 12:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2009-02-09 21:13 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2009-02-09 21:13 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2009-02-09 21:13 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2009-02-09 21:13 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2009-02-09 21:13 . 2008-05-16 12:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2009-02-09 20:13 . 2008-04-14 10:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2009-02-09 20:13 . 2008-04-14 10:12 91,136 --a------ c:\windows\system32\dllcache\kswdmcap.ax
2009-02-09 20:13 . 2008-04-14 10:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2009-02-09 20:13 . 2008-04-14 10:12 61,952 --a------ c:\windows\system32\dllcache\kstvtune.ax
2009-02-09 20:13 . 2008-04-14 10:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2009-02-09 20:13 . 2008-04-14 10:12 53,760 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-09 20:13 . 2008-04-14 10:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2009-02-09 20:13 . 2008-04-14 10:12 43,008 --a------ c:\windows\system32\dllcache\ksxbar.ax
2009-02-09 18:48 . 2009-02-09 18:48 <DIR> d-------- c:\documents and settings\Garry Thomson\DoctorWeb
2009-02-09 18:30 . 2009-02-09 18:30 <DIR> d-------- c:\program files\Trend Micro
2009-02-08 22:36 . 2009-02-08 22:36 <DIR> d-------- c:\program files\Avira GmbH
2009-02-08 22:12 . 2009-02-08 22:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 22:12 . 2009-02-08 22:12 <DIR> d-------- c:\documents and settings\Garry Thomson\Application Data\Malwarebytes
2009-02-08 22:12 . 2009-02-08 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-08 22:12 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 22:12 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 23:39 . 2009-02-07 07:40 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 22:56 . 2009-01-24 22:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 22:49 . 2009-01-24 22:49 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-17 14:38 . 2009-01-17 14:38 <DIR> d-------- c:\program files\Alwil Software
2009-01-17 13:53 . 2009-01-17 13:53 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-16 17:48 . 2009-01-16 17:48 2 --a------ C:\-461267923

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-02-15 10:01 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\uTorrent
2009-02-14 09:32 --------- d-----w c:\program files\EA Sports
2009-02-14 01:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-11 23:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-11 07:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 07:33 --------- d-----w c:\program files\Java
2009-02-09 11:09 --------- d-----w c:\program files\Disc2Phone
2009-02-09 11:08 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-02-08 12:32 --------- d-----w c:\program files\Google
2009-02-06 23:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 23:51 --------- d-----w c:\program files\SpywareBlaster
2009-01-25 11:51 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\Skype
2009-01-25 11:08 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\skypePM
2009-01-24 12:48 --------- d-----w c:\program files\Lavasoft
2009-01-17 07:24 --------- d-----w c:\program files\MediaMonkey
2009-01-17 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-16 11:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-26 12:17 --------- d-----w c:\program files\FinePixViewer
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-25 09:09 1,131,176 ----a-w c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2008-04-02 12:20 22,242,560 ----a-w c:\documents and settings\Garry Thomson\fm.exe
2007-11-03 01:27 334 ----a-w c:\documents and settings\Garry Thomson\Application Data\wklnhst.dat
2006-11-21 18:07 251 ----a-w c:\program files\wt3d.ini
1999-06-18 04:37 36,864 ----a-w c:\program files\internet explorer\plugins\lfbmp11n.dll
1999-06-16 07:17 273,920 ----a-w c:\program files\internet explorer\plugins\LFCMP11n.DLL
1999-06-18 04:37 27,648 ----a-w c:\program files\internet explorer\plugins\lftga11n.dll
1999-08-31 02:23 2,714,885 ----a-w c:\program files\internet explorer\plugins\library.dll
1999-06-16 07:08 234,496 ----a-w c:\program files\internet explorer\plugins\LTDIS11n.dll
1999-06-16 07:09 110,592 ----a-w c:\program files\internet explorer\plugins\ltfil11n.DLL
1999-06-16 07:10 124,416 ----a-w c:\program files\internet explorer\plugins\ltimg11n.dll
1999-06-10 06:41 301,568 ----a-w c:\program files\internet explorer\plugins\ltkrn11n.dll
2001-12-04 03:20 233,537 ----a-w c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 00:59 61,440 ----a-w c:\program files\internet explorer\plugins\paint.dll
2002-01-30 07:08 143,360 ----a-w c:\program files\internet explorer\plugins\sprites.dll
1998-07-11 15:13 53,760 ----a-w c:\program files\internet explorer\plugins\zlib.dll
2007-06-28 10:52 168 --sh--r c:\windows\system32\E76F570B5D.sys
2007-06-28 10:53 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-27 00:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_20.41.44.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-20 03:18:56 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-02-14 01:53:26 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-10-20 03:18:57 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-02-14 01:53:26 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-10-20 03:18:58 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-02-14 01:53:27 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-10-20 03:18:48 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:15 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:50 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:17 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:51 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:18 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:52 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:19 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:52 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:20 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:53 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:21 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:54 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:21 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:54 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:22 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:55 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:23 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:58 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-14 01:53:28 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-20 03:18:59 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-02-14 01:53:28 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-20 03:18:59 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-02-14 01:53:29 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-20 03:19:00 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-02-14 01:53:30 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-10-20 03:19:00 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-02-14 01:53:30 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-20 03:18:56 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-14 01:53:25 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-10 10:44:29 565,311 ----a-w c:\windows\gmer.dll
+ 2006-11-28 05:23:32 573,440 ----a-r c:\windows\gmer.exe
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-02-14 01:48:52 2,686 ----a-r c:\windows\Installer\{4E074808-1B86-4230-A9EB-0904942EC4AE}\ARPPRODUCTICON.exe
- 2009-01-15 07:57:09 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-11 07:40:41 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-15 07:57:17 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-11 07:40:42 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-15 07:57:11 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-11 07:40:41 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-15 07:57:12 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-11 07:40:41 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-15 07:57:14 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-11 07:40:42 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-15 07:57:18 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-11 07:40:42 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-15 07:57:19 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-11 07:40:42 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-15 07:57:13 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-11 07:40:41 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-15 07:57:13 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-11 07:40:42 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-15 07:57:15 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-11 07:40:42 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-15 07:57:19 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-11 07:40:42 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-15 07:57:10 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-11 07:40:41 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-11 08:20:08 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-02-11 08:20:08 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2009-02-10 10:44:29 68,961 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-09 15:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-02-11 07:31:58 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 15:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-11 07:31:58 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-09 16:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-11 07:31:58 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 11:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-14 14:07:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3a0.dat
+ 2009-02-14 14:07:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3b8.dat
- 2009-02-10 10:35:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a0.dat
+ 2009-02-11 09:18:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-04 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-07 509784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-02 113664]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-09-01 294912]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2006-11-09 20:19 204800 c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-11-24 03:12 851968 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 20:51 57344 c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-07-17 07:29 389120 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-30 00:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-03-30 20:00 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-03-30 19:59 138008 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-03-30 20:00 138008 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 19:28 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-05-01 19:28 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 12:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-08 00:49 1121280 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-08-23 01:32 184320 c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 18:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-09 04:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-17 07:38 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 11:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
--a------ 2006-06-29 16:12 1355042 c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 21:40 24576 c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 09:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLANKEEPER"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"EvtEng"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-10 21512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-17 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-17 20560]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-10 4107832]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-13 13696]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-13 13568]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-02-23 12160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-01 33752]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-02-23 7040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-03 32512]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-09 115752]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2007-04-10 83080]
S3 sonydcam;Sony 1394 CCM-DS250 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [2004-08-04 25344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 07:40]

2009-02-13 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JULES-Julie Shipman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.cdrfaq.org/faq03.html#S3-5-1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {BB238FEE-A105-4D4F-BCC6-CDFD3D4A3004} = 192.168.2.1,61.9.211.1
FF - ProfilePath - c:\documents and settings\Garry Thomson\Application Data\Mozilla\Firefox\Profiles\lst019vp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 08:20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-02-16 8:25:40
ComboFix-quarantined-files.txt 2009-02-15 22:25:33
ComboFix2.txt 2009-02-11 07:17:14
ComboFix3.txt 2009-02-10 11:41:25
ComboFix4.txt 2009-02-10 10:43:20

Pre-Run: 28,353,544,192 bytes free
Post-Run: 28,349,321,216 bytes free

541 --- E O F --- 2009-02-11 07:43:04

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 16 February 2009 - 04:25 AM

Hello Garryt,

Your logs look fine now. :thumbup2:

Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 16 February 2009 - 05:52 AM

Thanks for checking these out. It is running fine but I can be sure now.

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 16 February 2009 - 10:10 AM

No problem, Garryt :thumbup2:

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 09 March 2009 - 09:26 PM

Hello,

This problem seems to have resurfaced. Firefox is now redirecting some sites, mostly when I click on google searchs, to other random add filled sites. This is as well as the previous problem of the connection being "Interrupted"

What is more of a convern is that Avast now refuses to load on start up. I have checked through windows and CCleaner and there appears to be no reason why this would not work. As far as I can see I am anti virus free which is a worry. I have tried to load Combo Fix or malware bytes but none of these will start, they simply close a couple of seconds after double clicking.

I am at a loss as to what is happening. The only thought it that this maybe from an external HDD that wasn't cleaned before.

Any help would really be appreciated.

Thanks for your time

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 10 March 2009 - 11:46 AM

Hello Garryt,

The only thought it that this maybe from an external HDD that wasn't cleaned before.

That may very well be the cause, yes :thumbup2:

In that case :

Delete your current copy of ComboFix,
then download Combofix again to your desktop. You must however rename it before saving it.

Posted Image

Posted Image

Now reboot your system and start in safe mode :
Restart your computer and tap F8 before WinXP starts to load and choose Safe Mode with Networking.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode with Networking option and press Enter.

Now run the renamed ComboFix.
ComboFix should run as expected now.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#9 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 11 March 2009 - 06:15 AM

Thanks for your reply Thunder.

Unfortunately after following your instructions I still cannot load Combofix in even safe mode.

I'd be grateful for any help.

Thanks

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 12 March 2009 - 05:07 PM

Hello Garryt,

Can you get DDS to come up with a diagnostic log ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 13 March 2009 - 05:40 PM

Thunder,

Unfortunately not. Much the same as on Combofix the program immediately closes on start up.

Thanks for your help.

Garryt

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 14 March 2009 - 03:21 PM

Hello Garryt,

Looks like you're in a pickle there. :thumbup2:

Please download DrWeb-CureIt and save it to your desktop.

DO NOT run it yet !

Now reboot in safe mode.
  • Double-click on launch.exe to open DrWeb-CureIt and click Start.
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#13 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 15 March 2009 - 04:04 AM

Thunder,

Bizarre but Avast and Spybot have started working again when I booted up this morning. Not sure why this is as I haven't done anything or used any programs to amend any details. Firefox still has the connection interrupted message when it first loads up but this seems to connect after a few minutes.

Once Avast loaded it found a 'virus' called "nauco.fql" and this is now in the Avast virus vault under infected files. Also I have noticed that the following programs are in the chest under system files with these last changed dates:

kernel32.dll 14/04/08
winsock.dll 10/08/04
wsock32.dll 14/04/08

Drweb has worked all fine in safe mode and I have posted the log below.

Thanks for your help

Garryt

Combo-Fix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Garry Thomson\Desktop\Combo-Fix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Garry Thomson\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Garry Thomson\Desktop;Container contains infected objects;Moved.;
delfolder.exe;C:\Program Files\Dell Support\GTCoach;Trojan.MulDrop.30652;Deleted.;
Updater.exe;C:\Program Files\EA Sports\Madden NFL 08;Trojan.DownLoader.origin;Incurable.Moved.;
delfolder.exe;C:\Program Files\WebCyberCoach\b_Dell;Trojan.MulDrop.30652;Deleted.;
A0086511.EXE;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496;Program.PsExec.170;Incurable.Moved.;
A0086609.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496;Trojan.StartPage.1505;Deleted.;
A0086767.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496;Trojan.StartPage.1505;Deleted.;
A0086842.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496\A0086842.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496;Archive contains infected objects;;
A0086842.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP496;Container contains infected objects;Moved.;
A0087866.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP506;Trojan.StartPage.1505;Deleted.;
A0088407.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP511\A0088407.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP511;Archive contains infected objects;;
A0088407.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP511;Container contains infected objects;Moved.;
A0092866.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP519\A0092866.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP519;Archive contains infected objects;;
A0092866.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP519;Container contains infected objects;Moved.;
A0094874.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529\A0094874.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529;Archive contains infected objects;;
A0094874.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529;Container contains infected objects;Moved.;
A0094875.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529\A0094875.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529;Archive contains infected objects;;
A0094875.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP529;Container contains infected objects;Moved.;
A0095170.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532\A0095170.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532;Archive contains infected objects;;
A0095170.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532;Container contains infected objects;Moved.;
A0095320.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0095320.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534;Archive contains infected objects;;
A0095320.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534;Container contains infected objects;Moved.;
A0095321.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534;Trojan.MulDrop.30652;Deleted.;
A0095322.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534;Trojan.DownLoader.origin;Incurable.Moved.;
A0095323.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534;Trojan.MulDrop.30652;Deleted.;

#14 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 16 March 2009 - 01:37 PM

Hello Garryt,

Still having problems now ?

If so, please run ComboFix and post the log in your next reply.

If not, you can remove Dr. Web CureIt.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#15 Garryt

Garryt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 17 March 2009 - 03:55 AM

Thunder,

The Firefox problem is still persisting. I have ran combo fix and pasted the log below but this doesn't seem to have helped.

Thanks again

ComboFix 09-03-15.01 - Garry Thomson 2009-03-17 18:10:01.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.165 [GMT 10:00]
Running from: c:\documents and settings\Garry Thomson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090316-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

2009-03-17 18:08 . 2009-03-17 18:08 <DIR> d-------- C:\32788R22FWJFW
2009-03-08 13:56 . 2009-03-15 11:51 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-08 13:56 . 2009-03-08 13:56 1,409 --a------ c:\windows\QTFont.for
2009-03-07 09:12 . 2009-03-12 17:36 1,374 --a------ c:\windows\imsins.BAK
2009-02-21 14:43 . 2009-02-21 14:43 848 --a------ C:\ZB20090221144327001.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 08:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-03-16 09:20 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\uTorrent
2009-03-12 07:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 11:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-09 07:51 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-07 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2009-03-07 01:48 --------- d-----w c:\program files\FinePixViewer
2009-03-07 01:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 08:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 08:41 --------- d-----w c:\program files\CCleaner
2009-02-14 09:32 --------- d-----w c:\program files\EA Sports
2009-02-14 01:45 --------- d-----w c:\program files\LucasArts
2009-02-11 23:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-11 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 08:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-11 08:19 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\SUPERAntiSpyware.com
2009-02-11 07:33 --------- d-----w c:\program files\Java
2009-02-11 07:31 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-11 00:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 00:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 11:59 --------- d-----w c:\program files\Avanquest update
2009-02-09 11:14 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 --------- d-----w c:\program files\Sony Ericsson
2009-02-09 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-02-09 11:09 --------- d-----w c:\program files\Disc2Phone
2009-02-09 11:08 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-02-09 08:30 --------- d-----w c:\program files\Trend Micro
2009-02-08 12:36 --------- d-----w c:\program files\Avira GmbH
2009-02-08 12:32 --------- d-----w c:\program files\Google
2009-02-08 12:12 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\Malwarebytes
2009-02-08 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-06 23:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 23:51 --------- d-----w c:\program files\SpywareBlaster
2009-02-06 21:40 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-01-25 11:51 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\Skype
2009-01-25 11:08 --------- d-----w c:\documents and settings\Garry Thomson\Application Data\skypePM
2009-01-24 12:55 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-24 12:49 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 12:48 --------- d-----w c:\program files\Lavasoft
2009-01-17 07:24 --------- d-----w c:\program files\MediaMonkey
2009-01-17 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-17 04:38 --------- d-----w c:\program files\Alwil Software
2009-01-16 11:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-11-25 09:09 1,131,176 ----a-w c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2008-04-02 12:20 22,242,560 ----a-w c:\documents and settings\Garry Thomson\fm.exe
2007-11-03 01:27 334 ----a-w c:\documents and settings\Garry Thomson\Application Data\wklnhst.dat
2006-11-21 18:07 251 ----a-w c:\program files\wt3d.ini
1999-06-18 04:37 36,864 ----a-w c:\program files\internet explorer\plugins\lfbmp11n.dll
1999-06-16 07:17 273,920 ----a-w c:\program files\internet explorer\plugins\LFCMP11n.DLL
1999-06-18 04:37 27,648 ----a-w c:\program files\internet explorer\plugins\lftga11n.dll
1999-08-31 02:23 2,714,885 ----a-w c:\program files\internet explorer\plugins\library.dll
1999-06-16 07:08 234,496 ----a-w c:\program files\internet explorer\plugins\LTDIS11n.dll
1999-06-16 07:09 110,592 ----a-w c:\program files\internet explorer\plugins\ltfil11n.DLL
1999-06-16 07:10 124,416 ----a-w c:\program files\internet explorer\plugins\ltimg11n.dll
1999-06-10 06:41 301,568 ----a-w c:\program files\internet explorer\plugins\ltkrn11n.dll
2001-12-04 03:20 233,537 ----a-w c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 00:59 61,440 ----a-w c:\program files\internet explorer\plugins\paint.dll
2002-01-30 07:08 143,360 ----a-w c:\program files\internet explorer\plugins\sprites.dll
1998-07-11 15:13 53,760 ----a-w c:\program files\internet explorer\plugins\zlib.dll
2007-06-28 10:52 168 --sh--r c:\windows\system32\E76F570B5D.sys
2007-06-28 10:53 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-27 00:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-03-15_13.46.06.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 02:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2009-03-16 07:42:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2fc.dat
+ 2009-03-16 07:42:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_340.dat
+ 2009-03-16 07:42:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-07 509784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-02 113664]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-03-07 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2006-11-09 20:19 204800 c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-11-24 03:12 851968 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 20:51 57344 c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 08:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-07-17 07:29 389120 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-30 00:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-03-30 20:00 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-03-30 19:59 138008 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-03-30 20:00 138008 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 19:28 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-05-01 19:28 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 12:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-08 00:49 1121280 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-08-23 01:32 184320 c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 18:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-03-09 17:51 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-09 04:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-17 07:38 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 11:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
--a------ 2006-06-29 16:12 1355042 c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 21:40 24576 c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 09:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLANKEEPER"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"EvtEng"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-09 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-09 20560]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-13 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-13 13568]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-02-23 12160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-01 33752]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-02-23 7040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-03 32512]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-09 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2007-04-10 83080]
S3 sonydcam;Sony 1394 CCM-DS250 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [2004-08-04 25344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 07:40]

2009-03-13 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JULES-Julie Shipman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.cdrfaq.org/faq03.html#S3-5-1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {BB238FEE-A105-4D4F-BCC6-CDFD3D4A3004} = 192.168.2.1,61.9.211.1
FF - ProfilePath - c:\documents and settings\Garry Thomson\Application Data\Mozilla\Firefox\Profiles\lst019vp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 18:14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2197367282-2042072575-2822936-1005\Software\FunWebProducts\Settings]
@DACL=(02 0000)
"UID"="AF7B64AD-C9A7-426D-977C-4AB6726DE6BE"
"BinParam234"=hex:7c,00,31,00,3d,00,30,00,7c,00,32,00,3d,00,36,00,34,00,7c,00,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-17 18:18:38
ComboFix-quarantined-files.txt 2009-03-17 08:18:35
ComboFix2.txt 2009-03-15 03:48:07
ComboFix3.txt 2009-02-15 22:25:45
ComboFix4.txt 2009-02-11 07:17:14
ComboFix5.txt 2009-03-17 08:08:48

Pre-Run: 17,522,200,576 bytes free
Post-Run: 17,504,153,600 bytes free

312 --- E O F --- 2009-03-15 03:59:45




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users