I scanned my computer and have something like Trojan:Win32/VB6 and it finds the virus in the system restore, it's like A000002.exe


This topic is locked.
5 replies to this topic

#1 studlyadam

Posted 17 June 2009 - 07:41 PM

I've been having this problem for a long time. I've run ComboFix and stuff, and now my Windows XP wallpaper only shows about 4 inches of the left side of it; the rest of my desktop to the right is white, like the wallpaper is cut off. Before that happened I kept getting Active Desktop errors, and it would show the button to restore Active Desktop, and when I clicked it, it would give me an error saying the script has caused an error and will slow the computer if it continues to run, and it wouldn't do anything if I clicked yes or no. So here is my DDS.scr log. Please help me get this wrapped up and get my computer back to normal!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Steven at 20:34:06.62 on 2009-06-17
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.784 [GMT -4:00]

AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Lavasoft Personal Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Belkin\F5D7000v7032\Belkinwcui.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvCplUI.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox3\firefox.exe
C:\Documents and Settings\Steven\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: UIHost=%SystemRoot%\system32\logonui.exe
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mExplorerRun: [NoActiveDesktopChanges] 00000000
mExplorerRun: [NoActiveDesktop] 0 (0x0)
mExplorerRun: [NoSaveSettings] 0 (0x0)
mExplorerRun: [ClassicShell] 0 (0x0)
StartupFolder: c:\docume~1\steven\startm~1\programs\startup\canoni~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven\applic~1\mozilla\firefox\profiles\u3mc9kox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - UserLogos
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\steven\application data\mozilla\firefox\profiles\u3mc9kox.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll
FF - component: c:\documents and settings\steven\application data\mozilla\firefox\profiles\u3mc9kox.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\steven\application data\mozilla\firefox\profiles\u3mc9kox.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox3\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox3\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-19 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2008-12-16 58784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-3-15 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-3-15 41744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-4-2 10384]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 145544]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-3-15 87568]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 7dfE;7dfE;c:\windows\system32\7dfE.sys [2009-4-24 185824]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.sys [2009-6-4 303616]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\coachvc.sys --> c:\windows\system32\drivers\CoachVc.sys [?]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2008-7-28 4544]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2008-3-30 14468]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\srobot\ntprocdrv.sys --> c:\srobot\NtProcDrv.sys [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-4-11 517632]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 srwl;3Com 3CRWE62092A Wireless LAN PC Card Driver;c:\windows\system32\drivers\srwlnd5.sys [2009-5-3 48736]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S4 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-24 30192]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-06-17 20:00 155,136 a------- c:\windows\PEV.exe
2009-06-17 18:49 558 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-16 09:43 850 a------- c:\windows\system32\ProductTweaks.xml
2009-06-16 09:43 385 a------- c:\windows\system32\user_gensett.xml
2009-06-15 07:05 <DIR> --d----- c:\docume~1\steven\applic~1\BitDefender
2009-06-15 07:04 <DIR> --d----- c:\program files\BitDefender
2009-06-15 05:53 <DIR> --d----- c:\program files\MSSOAP
2009-06-15 05:52 <DIR> --d----- c:\program files\Webroot
2009-06-15 05:51 164 a------- c:\windows\install.dat
2009-06-14 13:18 <DIR> --d----- c:\program files\Ventrilo
2009-06-14 13:18 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-14 13:14 <DIR> --d----- c:\program files\Teamspeak2_RC2
2009-06-11 18:29 41,808 ac------ c:\windows\system32\xfcodec.dll
2009-06-09 23:04 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 23:04 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 23:04 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-09 23:04 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-08 02:11 <DIR> --d----- C:\CrashReport
2009-06-08 01:32 <DIR> --d----- c:\program files\Silkroad
2009-06-04 23:49 303,616 a------- c:\windows\system32\drivers\BLKWGDv7.sys
2009-06-04 23:48 13,768 a------- c:\windows\system32\drivers\string.ini
2009-06-04 23:48 <DIR> --d----- c:\program files\Belkin
2009-06-04 23:44 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-04 23:44 245,248 a------- c:\windows\system32\drivers\rt73.sys
2009-06-01 01:21 <DIR> --d----- c:\program files\WinMend
2009-05-31 20:16 <DIR> --d----- c:\windows\{4000033D-F337-41A1-ADA3-3D23635CFA0A}
2009-05-31 20:10 94,208 a------- c:\windows\system32\DNIN50.DLL
2009-05-31 20:10 17,149 a------- c:\windows\system32\DNINDIS5.SYS
2009-05-29 22:50 610,816 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-05-29 22:49 4,282 a------- c:\windows\system32\WLAN.INI

==================== Find3M ====================

2009-06-17 18:57 0 ac------ c:\windows\system32\drivers\lvuvc.hs
2009-06-17 18:57 0 ac------ c:\windows\system32\drivers\logiflt.iad
2009-06-17 18:56 81,984 ac------ c:\windows\system32\bdod.bin
2009-06-16 09:46 145,544 a------- c:\windows\system32\drivers\bdfm.sys
2009-06-07 22:27 138,512 ac------ c:\windows\system32\drivers\PnkBstrK.sys
2009-06-07 22:26 201,440 ac------ c:\windows\system32\PnkBstrB.exe
2009-05-29 14:27 3,532 a------- C:\drmHeader.bin
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-24 23:40 185,824 a------- c:\windows\system32\7dfE.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-04-17 16:28 47,360 ac------ c:\docume~1\steven\applic~1\pcouffin.sys
2008-04-02 10:41 22,328 ac------ c:\docume~1\steven\applic~1\PnkBstrK.sys
2008-03-09 08:25 236 ac--h--- c:\program files\common files\dx.reg
2007-10-22 15:00 55,296 a------- c:\documents and settings\steven\cnmss Canon iP2600 series (Local).dll
2008-02-12 08:28 2 a--shrot c:\windows\winstart.bat
2008-03-24 09:40 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008032420080325\index.dat
2008-04-23 13:13 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042320080424\index.dat

============= FINISH: 20:35:19.79 ===============

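Added example, not code from DDS, ComboFix or BleepingComputer: a small triage script that parses the `R0/S3 name;display;path [date size]` lines from the SERVICES / DRIVERS section of the DDS log above (ComboFix prints the same format) and the plain file paths ComboFix lists under "Other Deletions" in the follow-up post, and flags the entries a forum helper would look at first: services whose file the scanner could not find (shown as `[?]`), a `.sys` loaded from the system32 root with no descriptive display name (the `7dfE` entry), and DLLs whose name is a real system DLL with `new` appended. The sample lines are copied from the logs in this thread; the allow-list of DLL names and the flagging rules are assumptions of this example and are heuristics, not verdicts.

```python
"""Heuristic triage of DDS / ComboFix log lines (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: driver lines copied from the DDS log in this thread.
SAMPLE_DRIVERS = r"""
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-19 39472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 8944]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 7dfE;7dfE;c:\windows\system32\7dfE.sys [2009-4-24 185824]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\srobot\ntprocdrv.sys --> c:\srobot\NtProcDrv.sys [?]
S4 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-24 30192]
"""

# Constructed sample: paths copied from ComboFix's "Other Deletions" list.
SAMPLE_DELETIONS = r"""
c:\documents and settings\Steven\Application Data\addon.dat
c:\windows\system32\advapi32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\user32new.dll
"""

# state name;display;path [date size]   or   path --> resolved_path [?]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption of this example: a short allow-list of genuine Windows DLL base
# names is enough to catch the "<system dll>new.dll" naming seen in the log.
KNOWN_SYSTEM_DLLS = {
    "advapi32", "apphelp", "crypt32", "kernel32", "msvcrt",
    "ntdsapi", "powrprof", "secur32", "user32", "winsta",
}


@dataclass
class DriverEntry:
    state: str      # R0..R3 = running, S0..S4 = stopped/disabled
    name: str
    display: str
    path: str       # for "a --> b" lines, the resolved path b
    missing: bool   # True when the tool printed [?] instead of a date/size


@dataclass
class Finding:
    subject: str
    reason: str


def parse_driver_lines(text: str) -> List[DriverEntry]:
    """Parse every line that matches the driver/service format; skip the rest."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if " --> " in path:
            path = path.split(" --> ", 1)[1]
        entries.append(DriverEntry(
            state=m.group("state"), name=m.group("name"),
            display=m.group("display"), path=path,
            missing=m.group("meta").strip() == "?",
        ))
    return entries


def flag_drivers(entries: List[DriverEntry]) -> List[Finding]:
    """Apply two heuristics: file not found, and .sys in the system32 root."""
    findings: List[Finding] = []
    for e in entries:
        directory, _, base = e.path.lower().rpartition("\\")
        if e.missing:
            findings.append(Finding(e.name, "service points at a file the scanner could not find"))
        # Kernel drivers normally live in system32\drivers; a .sys in the
        # system32 root whose display name is just its service name stands out.
        if base.endswith(".sys") and directory == r"c:\windows\system32" \
                and e.display.lower() == e.name.lower():
            findings.append(Finding(e.name, "driver in system32 root with no descriptive display name"))
    return findings


def flag_deleted_files(text: str) -> List[Finding]:
    """Flag DLLs named like a known system DLL plus a 'new' suffix."""
    findings: List[Finding] = []
    for line in text.splitlines():
        path = line.strip().lower()
        if not path:
            continue
        stem, _, ext = path.rpartition("\\")[2].rpartition(".")
        if ext == "dll" and stem.endswith("new") and stem[:-3] in KNOWN_SYSTEM_DLLS:
            findings.append(Finding(path, f"name mimics system DLL {stem[:-3]}.dll"))
    return findings


if __name__ == "__main__":
    for f in flag_drivers(parse_driver_lines(SAMPLE_DRIVERS)) + flag_deleted_files(SAMPLE_DELETIONS):
        print(f"{f.subject}: {f.reason}")
```

Run it against a full DDS or ComboFix log by reading the file into `parse_driver_lines` and `flag_deleted_files`; the `[?]` rule alone would have pulled out EAPPkt, ATE_PROCMON, DNINDIS5, DSCVc, hitmanpro3, kxwdmdrv, NTProcDrv, SBRE, StreamSurge and TMPassthruMP from the log above, most of which are leftovers of uninstalled tools rather than malware, which is why each hit needs a human look rather than an automatic fix.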
#2 studlyadam (Topic Starter)

Posted 20 June 2009 - 12:38 AM

I've scanned my computer again with Malwarebytes and it found Malware.Trace. So I then scanned it with ComboFix again and it found all kinds of stuff and deleted them, but I'm worried there's still plenty left to get rid of and that things might get worse. Please help me!!! Here is the ComboFix log...

ComboFix 09-06-18.02 - Steven 2009-06-20 1:07.17 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1159 [GMT -4:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Lavasoft Personal Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2977283995-513098529-2179648839-1000
c:\$recycle.bin\S-1-5-21-2977283995-513098529-2179648839-1000\desktop.ini
c:\documents and settings\Steven\Application Data\addon.dat
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\WgaLogon.dll
c:\windows\system32\winstanew.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-19 08:54 . 2009-06-19 08:43 9728 ----a-w- c:\windows\system32\Killwmsrt.exe
2009-06-19 05:57 . 2009-06-19 05:57 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Rawr
2009-06-16 19:28 . 2009-06-16 19:28 -------- d-----w- c:\documents and settings\Steven\Application Data\vlc
2009-06-15 09:53 . 2009-06-15 09:53 -------- d-----w- c:\program files\MSSOAP
2009-06-15 09:52 . 2009-06-15 09:52 -------- d-----w- c:\program files\Webroot
2009-06-15 09:51 . 2009-06-15 09:51 164 ----a-w- c:\windows\install.dat
2009-06-14 17:18 . 2009-06-14 17:18 -------- d-----w- c:\program files\Ventrilo
2009-06-14 17:14 . 2009-06-14 17:15 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-06-11 22:29 . 2009-06-11 22:29 41808 -c--a-w- c:\windows\system32\xfcodec.dll
2009-06-10 03:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 03:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 03:04 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 03:04 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-08 06:11 . 2009-06-08 06:11 -------- d-----w- C:\CrashReport
2009-06-08 05:32 . 2009-06-08 07:15 -------- d-----w- c:\program files\Silkroad
2009-06-05 03:56 . 2008-12-04 05:25 120832 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-05 03:49 . 2006-10-19 05:44 303616 ----a-w- c:\windows\system32\drivers\BLKWGDv7.sys
2009-06-05 03:48 . 2009-06-05 03:48 -------- d-----w- c:\program files\Belkin
2009-06-05 03:44 . 2009-06-05 03:48 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-05 03:44 . 2005-11-24 23:51 245248 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-06-01 05:21 . 2009-06-01 05:21 -------- d-----w- c:\program files\WinMend
2009-06-01 04:58 . 2009-06-01 09:20 -------- d-----w- c:\documents and settings\Steven\Application Data\Download Manager
2009-06-01 00:16 . 2009-06-01 00:16 -------- d-----w- c:\windows\{4000033D-F337-41A1-ADA3-3D23635CFA0A}
2009-06-01 00:10 . 2003-07-24 16:10 17149 ----a-w- c:\windows\system32\DNINDIS5.SYS
2009-06-01 00:10 . 2003-07-24 16:10 94208 ----a-w- c:\windows\system32\DNIN50.DLL
2009-05-30 02:50 . 2007-06-26 13:48 610816 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 05:15 . 2009-04-12 01:44 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-20 05:15 . 2009-02-23 04:48 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-20 05:15 . 2009-02-23 04:48 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-20 04:57 . 2009-06-20 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-20 04:36 . 2008-04-20 21:15 -------- d-----w- c:\program files\Driver Magician
2009-06-20 04:34 . 2008-06-26 05:50 -------- d-----w- c:\program files\Mozilla Firefox3
2009-06-20 04:34 . 2009-03-01 00:09 -------- d-----w- c:\program files\Digsby-Alpha
2009-06-19 17:00 . 2007-11-23 06:07 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-19 16:57 . 2007-12-25 00:54 81984 -c--a-w- c:\windows\system32\bdod.bin
2009-06-19 14:14 . 2009-04-03 05:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 14:14 . 2009-04-25 00:34 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 09:38 . 2008-10-06 22:46 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-06-19 09:33 . 2009-03-19 01:28 -------- d-----w- c:\documents and settings\Steven\Application Data\uTorrent
2009-06-18 03:30 . 2007-11-14 20:20 -------- d-----w- c:\documents and settings\Steven\Application Data\Xfire
2009-06-18 00:45 . 2008-09-27 07:07 -------- d-----w- c:\program files\ESET
2009-06-17 22:57 . 2007-11-13 01:25 -------- d-----w- c:\program files\Xfire
2009-06-17 22:55 . 2007-11-30 09:50 -------- d-----w- c:\documents and settings\Steven\Application Data\X-Chat 2
2009-06-17 15:27 . 2009-04-03 05:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-04-03 05:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2007-12-02 00:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-16 13:44 . 2008-12-03 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-14 17:18 . 2008-04-17 01:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 02:44 . 2009-03-19 01:28 -------- d-----w- c:\program files\uTorrent
2009-06-08 04:54 . 2009-02-19 16:13 -------- d-----w- c:\documents and settings\Steven\Application Data\Bioshock
2009-06-08 03:26 . 2007-11-11 08:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 02:27 . 2008-02-08 01:46 138512 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-08 02:26 . 2008-02-08 01:46 201440 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-06-05 10:49 . 2007-11-30 13:21 -------- d-----w- c:\program files\World of Warcraft
2009-06-01 22:30 . 2008-04-15 17:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-29 18:27 . 2008-04-07 08:41 3532 ----a-w- C:\drmHeader.bin
2009-05-16 22:28 . 2009-05-16 22:28 -------- d-----w- c:\program files\Curse
2009-05-13 05:15 . 2004-08-04 04:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:51 . 2009-04-03 03:48 -------- d-----w- c:\documents and settings\Steven\Application Data\Logitech
2009-05-12 21:01 . 2009-01-01 18:54 -------- d-----w- c:\documents and settings\Steven\Application Data\Ventrilo
2009-05-12 19:12 . 2007-11-11 09:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-11 04:26 . 2007-11-12 00:47 -------- d-----w- c:\documents and settings\Steven\Application Data\Move Networks
2009-05-11 04:22 . 2009-05-11 04:22 965344 ----a-w- c:\documents and settings\Steven\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-09 03:14 . 2008-07-07 22:43 -------- d-----w- c:\program files\Vuze
2009-05-09 03:10 . 2008-07-07 22:43 -------- d-----w- c:\documents and settings\Steven\Application Data\Azureus
2009-05-07 15:32 . 2007-12-25 00:22 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 18:33 . 2009-04-25 18:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-04-25 03:40 . 2009-04-25 03:40 185824 ----a-w- c:\windows\system32\7dfE.sys
2009-04-25 00:38 . 2007-11-11 14:17 -------- d-----w- c:\program files\Winamp
2009-04-17 20:58 . 2009-04-25 00:19 103424 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 20:58 . 2009-04-25 00:19 954368 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 20:58 . 2009-04-25 00:19 344064 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 20:58 . 2009-04-25 00:19 1161626 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 20:58 . 2009-04-25 00:19 71652 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 20:58 . 2009-04-25 00:19 65536 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 20:58 . 2009-04-25 00:19 4579328 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 20:58 . 2009-04-25 00:19 4534272 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 20:58 . 2009-04-25 00:19 131868 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-17 12:26 . 2007-12-25 00:22 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 04:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-04 22:36 . 2007-11-11 10:10 309016 -c--a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 12:14 . 2009-04-25 18:32 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2008-03-09 12:25 . 2009-01-04 05:15 236 -c-ha-w- c:\program files\Common Files\dx.reg
2008-02-12 12:28 . 2008-02-12 12:28 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-19 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\Steven\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon iP2600 series.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-2 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-05 02:12 184320 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless G Desktop Card Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Desktop Card Client Utility.lnk
backup=c:\windows\pss\Belkin Wireless G Desktop Card Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP2600 series.lnk]
backup=c:\windows\pss\Canon IJ Status Monitor Canon iP2600 series.lnkStartup
path=c:\documents and settings\Steven\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP2600 series.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^Styler.lnk]
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"idsvc"=3 (0x3)
"btwdins"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"aawservice"=3 (0x3)
"LBTServ"=3 (0x3)
"NMSAccessU"=3 (0x3)
"NMIndexingService"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"PD91Engine"=3 (0x3)
"PD91Agent"=3 (0x3)
"Spooler"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"bdss"=2 (0x2)
"CiSvc"=3 (0x3)
"ose"=3 (0x3)
"BOCore"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"SBAMSvc"=2 (0x2)
"GoogleDesktopManager-090808-172447"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Silkroad\\SilkErrSender.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\X-Chat\\xchat.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\aeriagames\12Sky\TwelveSky.exe]
"DeleteFlag"= 1 (0x1)
"Start"= 4 (0x4)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59127:TCP"= 59127:TCP:azureus
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:filezilla
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-19 3:33 PM 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2008-12-16 58784]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 4:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 4:03 PM 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-15 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-15 41744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-04-02 10384]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-15 87568]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 7dfE;7dfE;c:\windows\system32\7dfE.sys [2009-04-24 185824]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.sys [2009-06-04 303616]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2008-07-28 4544]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2008-03-30 9:04 PM 14468]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\srobot\NtProcDrv.sys --> c:\srobot\NtProcDrv.sys [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 6:34 PM 1452032]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-04-11 517632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 srwl;3Com 3CRWE62092A Wireless LAN PC Card Driver;c:\windows\system32\drivers\srwlnd5.sys [2009-05-03 6:01 PM 48736]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 4:04 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{174D8758-344A-0791-E716-8C92B630F28A}]
c:\windows\system32\Extra\scvhost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-725345543-839522115-1003.job
- c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 05:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - UserLogos
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\u3mc9kox.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox3\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox3\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 01:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-117609710-725345543-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,1d,04,d9,52,43,ed,26,2f,b6,ae,5d,72,22,4d,48,82,66,7e,af,02,7e,57,
56,6b,de,70,d1,73,bd,c3,cd,65,fa,59,b4,fd,fc,3d,45,69,a7,fe,d4,80,37,f1,e5,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(6916)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\nvcpl.cpl
c:\windows\system32\PhysX.cpl
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\MPR.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
**************************************************************************
.
Completion time: 2009-06-20 1:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 05:24
ComboFix2.txt 2009-06-18 00:13

Pre-Run: 8,906,809,344 bytes free
Post-Run: 8,904,658,944 bytes free

Current=7 Default=7 Failed=2 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
360 --- E O F --- 2009-06-10 07:05

#3 teacup61 (Malware Response Team)

Posted 23 June 2009 - 11:57 AM

Hello studlyadam,


Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 studlyadam (Topic Starter)

Posted 23 June 2009 - 03:02 PM

I think I fixed it myself. I ran Kaspersky from my Windows 7 partition, it found 3 viruses and deleted them, then I booted back into XP and ran ComboFix and it deleted the rest of the stuff, and everything seems to be back to normal now... Thank you though!

#5 teacup61 (Malware Response Team)

Posted 23 June 2009 - 03:23 PM

You're most welcome. :) And thank you so much for letting me know.

The only thing I would urge you to do now would be to delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle Bin and reboot your computer. ComboFix becomes outdated very quickly and will not run right. Also, there's a lot more to it than meets the eye, and I don't want you to chance ruining your newly clean computer. :thumbup2:

Take care!
tea

#6 teacup61 (Malware Response Team)

Posted 30 June 2009 - 05:34 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.