

Need help on Virus report from Combo fix tool


  • This topic is locked
1 reply to this topic

#1 velpuri

Posted 21 November 2009 - 10:52 PM

ComboFix 09-11-17.01 - Aricent 11/19/2009 19:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.979.506 [GMT -5:00]
Running from: c:\documents and settings\Aricent\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aricent\Local Settings\Application Data\qcnhjl
c:\documents and settings\Aricent\Local Settings\Application Data\qcnhjl\jvfwsysguard.exe
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-18 03:10 . 2009-11-18 03:10 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-11-18 03:03 . 2009-11-18 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-11-18 02:55 . 2009-11-18 02:55 -------- d-----w- c:\program files\Pure Networks
2009-11-16 02:28 . 2009-11-16 02:28 -------- d-----w- c:\program files\Alwil Software
2009-11-15 04:15 . 2009-11-15 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-15 04:12 . 2009-11-15 04:13 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-15 04:12 . 2009-11-15 04:12 -------- d-----w- c:\windows\system32\drivers\umdf
2009-11-15 04:10 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-15 04:10 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-11-15 04:10 . 2009-11-15 04:13 -------- d-----w- c:\program files\AVS4YOU
2009-11-15 04:10 . 2008-08-13 15:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-15 04:10 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-15 03:07 . 2009-11-15 16:07 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\AskToolbar
2009-11-15 02:46 . 2009-11-15 02:46 -------- d-----w- c:\program files\Ask.com
2009-11-15 02:08 . 2009-11-15 02:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-15 01:54 . 2009-11-15 01:54 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Real
2009-11-15 01:53 . 2009-11-15 01:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-15 01:52 . 2009-11-15 01:52 79488 ----a-w- c:\documents and settings\Aricent\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 01:50 . 2009-11-15 01:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-13 02:55 . 2009-11-13 02:55 -------- d--h--w- c:\windows\PIF
2009-11-08 16:40 . 2009-11-08 16:40 488968 ----a-w- c:\documents and settings\Aricent\Application Data\Real\Update\setup\setup.exe
2009-11-08 16:34 . 2009-11-15 01:53 -------- d-----w- c:\program files\Common Files\Real
2009-11-08 16:34 . 2009-11-15 01:52 -------- d-----w- c:\program files\Real
2009-11-07 02:11 . 2009-11-07 02:22 -------- d-----w- c:\windows\APW_DATA
2009-11-07 02:11 . 2009-11-07 02:11 -------- d-----w- c:\documents and settings\Aricent\WINDOWS
2009-11-07 01:05 . 2001-08-17 08:26 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-11-07 01:05 . 2001-08-17 08:26 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-11-05 04:00 . 2009-11-05 04:00 -------- d-----w- c:\program files\Araxis
2009-11-05 03:24 . 2001-08-17 17:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-05 03:24 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-05 03:24 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-05 03:24 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-04 12:21 . 2009-11-04 12:21 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Yahoo
2009-11-04 04:26 . 2009-05-26 14:20 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-11-04 04:21 . 2009-11-15 01:31 -------- d-----w- c:\documents and settings\Aricent\Application Data\Yahoo!
2009-11-03 03:53 . 2009-11-15 18:59 -------- d-----w- c:\documents and settings\Aricent\Application Data\dvdcss
2009-11-02 13:45 . 2009-11-17 11:23 -------- d-----w- C:\QUARANTINE
2009-11-02 13:39 . 2009-11-03 19:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-11-01 16:46 . 2009-11-01 16:46 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-11-01 16:45 . 2009-11-01 16:45 -------- d-----w- c:\windows\system32\FxsTmp
2009-11-01 14:09 . 2009-10-06 12:10 52224 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{6da12b8a-5a10-4b0c-9ecf-5bedd6fe7a00}\components\FFExternalAlert.dll
2009-11-01 14:09 . 2009-10-06 12:10 114688 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{6da12b8a-5a10-4b0c-9ecf-5bedd6fe7a00}\components\npmozax.dll
2009-10-30 21:40 . 2009-10-30 21:40 -------- d-----w- c:\documents and settings\Aricent\Application Data\Citrix
2009-10-30 21:07 . 2009-10-30 21:07 -------- d-----w- c:\documents and settings\Aricent\Application Data\Windows Search
2009-10-30 16:03 . 2009-10-31 23:20 -------- d-----w- c:\program files\WorldTime Clock
2009-10-30 03:48 . 2009-10-30 03:48 -------- d-sh--w- c:\documents and settings\Aricent\PrivacIE
2009-10-30 03:48 . 2009-10-30 03:48 -------- d-sh--w- c:\documents and settings\Aricent\IECompatCache
2009-10-30 03:44 . 2009-10-30 03:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-30 03:41 . 2009-10-30 03:41 -------- d-sh--w- c:\documents and settings\Aricent\IETldCache
2009-10-30 03:36 . 2009-08-29 07:36 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2009-10-30 03:36 . 2009-08-29 07:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 14:58 . 2009-10-29 14:58 -------- d-----w- c:\program files\PawPrint.net
2009-10-29 11:21 . 2009-10-29 11:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Softonic_VLC_EN
2009-10-29 11:21 . 2009-10-29 11:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-29 03:05 . 2009-10-29 03:05 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\PCHealth
2009-10-29 00:45 . 2009-10-19 09:00 872960 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-10-29 00:45 . 2009-10-19 09:00 43008 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-10-29 00:45 . 2009-10-19 09:00 340480 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-10-29 00:45 . 2009-10-19 09:00 346624 ----a-w- c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-10-27 15:34 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-27 15:34 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-27 15:29 . 2008-08-08 05:17 274432 ----a-w- c:\windows\tsnp2std.exe
2009-10-27 15:29 . 2008-07-17 04:15 188928 ----a-w- c:\windows\FixCamera.exe
2009-10-27 15:29 . 2007-09-28 11:02 344064 ----a-w- c:\windows\vsnp2std.exe
2009-10-27 15:29 . 2007-08-20 05:40 94208 ----a-w- c:\windows\amcap.exe
2009-10-27 15:29 . 2005-01-26 10:15 349472 ----a-w- c:\windows\WindowsXP-KB822603-x86.exe
2009-10-27 15:29 . 2008-08-08 04:26 12260352 ----a-w- c:\windows\system32\drivers\snp2sxp.sys
2009-10-27 15:29 . 2008-06-03 10:02 255488 ----a-w- c:\windows\system32\vsnp2std.dll
2009-10-27 15:29 . 2008-02-12 05:11 25472 ----a-w- c:\windows\system32\drivers\sncamd.sys
2009-10-27 15:29 . 2007-02-05 09:55 151552 ----a-w- c:\windows\system32\rsnp2std.dll
2009-10-27 15:29 . 2009-10-27 15:29 -------- d-----w- c:\program files\Common Files\snp2std
2009-10-27 15:29 . 2006-11-16 10:27 77824 ----a-w- c:\windows\system32\csnp2std.dll
2009-10-27 15:28 . 2009-10-30 16:23 -------- d-----w- c:\program files\EditPlus 2
2009-10-27 01:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-27 01:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-27 01:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-27 01:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-27 01:34 . 2009-10-27 01:34 -------- d-----w- C:\9611ce65fc1e485f349509adea55a8
2009-10-27 01:34 . 2009-10-27 01:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-26 16:10 . 2009-10-28 04:32 -------- d-----w- c:\documents and settings\Aricent\Application Data\ICAClient
2009-10-26 15:14 . 2009-10-27 01:35 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Softonic_VLC_EN
2009-10-26 15:14 . 2009-10-26 15:14 -------- d-----w- c:\program files\Conduit
2009-10-26 15:14 . 2009-10-26 15:14 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Conduit
2009-10-26 15:14 . 2009-11-15 22:12 -------- d-----w- c:\documents and settings\Aricent\Application Data\vlc
2009-10-26 15:14 . 2009-10-26 15:14 -------- d-----w- c:\program files\Softonic_VLC_EN
2009-10-26 15:14 . 2009-10-26 15:14 -------- d-----w- c:\program files\VideoLAN
2009-10-26 14:04 . 2008-04-14 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-10-26 13:33 . 2009-11-19 20:33 -------- d-----w- c:\documents and settings\Aricent\Application Data\uTorrent
2009-10-26 13:27 . 2009-10-26 13:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-26 13:27 . 2009-11-12 23:44 -------- d-----w- c:\documents and settings\Aricent\Application Data\skypePM
2009-10-26 13:27 . 2009-11-13 03:20 -------- d-----w- c:\documents and settings\Aricent\Application Data\Skype
2009-10-26 13:25 . 2009-10-26 13:25 -------- d-----w- c:\program files\Common Files\Skype
2009-10-26 13:25 . 2009-10-26 13:25 -------- d-----r- c:\program files\Skype
2009-10-26 13:25 . 2009-10-26 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-26 13:23 . 2009-10-26 13:25 -------- d-----w- c:\documents and settings\Aricent\Application Data\Aventail
2009-10-26 13:15 . 2009-10-26 13:15 -------- d-----w- c:\program files\Citrix
2009-10-26 13:15 . 2009-11-01 22:51 -------- d-----w- c:\documents and settings\Aricent\Application Data\Apple Computer
2009-10-26 13:14 . 2009-03-19 11:02 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-26 13:14 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\program files\iPod
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\program files\iTunes
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\program files\Bonjour
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\program files\QuickTime
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Apple
2009-10-26 13:14 . 2009-10-26 13:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-26 13:13 . 2009-10-26 13:14 -------- d-----w- c:\program files\Common Files\Apple
2009-10-26 13:13 . 2009-10-26 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-26 13:13 . 2009-10-26 13:15 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Apple Computer
2009-10-26 13:13 . 2009-11-15 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-26 13:13 . 2009-11-15 02:02 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Google
2009-10-26 13:13 . 2009-11-15 21:49 -------- d-----w- c:\program files\Google
2009-10-26 13:13 . 2009-11-15 01:45 -------- d-----w- c:\program files\Yahoo!
2009-10-26 13:11 . 2009-10-26 13:11 0 ----a-w- c:\windows\nsreg.dat
2009-10-26 13:11 . 2009-10-26 13:11 -------- d-----w- c:\documents and settings\Aricent\Local Settings\Application Data\Mozilla
2009-10-26 10:00 . 2009-10-26 14:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-10-26 01:24 . 2009-10-26 01:24 -------- d-sh--w- c:\documents and settings\Aricent\UserData
2009-10-26 01:17 . 2009-10-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DellUCM
2009-10-24 03:45 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-23 06:56 . 2009-08-06 13:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-23 06:56 . 2009-08-06 13:53 215920 ----a-w- c:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 20:19 . 2009-10-06 05:38 0 ----a-w- c:\documents and settings\Aricent\Local Settings\Application Data\WavXMapDrive.bat
2009-11-15 01:52 . 2006-08-14 04:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-15 01:52 . 2006-07-11 13:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-15 01:45 . 2009-09-29 03:39 -------- d-----w- c:\program files\Windows Desktop Search
2009-11-15 01:30 . 2009-11-14 23:56 -------- d-----w- c:\program files\Winamp
2009-11-15 00:38 . 2009-11-14 23:56 -------- d-----w- c:\documents and settings\Aricent\Application Data\Winamp
2009-10-29 01:20 . 2009-09-29 04:07 44616 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 01:19 . 2009-09-29 03:59 44616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:29 . 2009-09-29 03:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 02:17 . 2009-10-10 07:41 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-10-10 08:49 . 2009-10-10 08:49 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-10-10 08:49 . 2009-10-10 08:49 -------- d-----w- c:\program files\Cisco Systems
2009-10-10 07:58 . 2009-10-10 07:58 -------- d-----w- c:\program files\Microsoft
2009-10-10 07:58 . 2009-10-10 07:57 -------- d-----w- c:\program files\Windows Live
2009-10-10 07:57 . 2009-10-10 07:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-10 07:54 . 2009-10-10 07:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-10 07:51 . 2009-10-10 07:51 -------- d-----w- c:\program files\Aricent
2009-10-10 07:50 . 2009-10-10 07:50 -------- d-----w- c:\program files\activePDF
2009-10-10 07:48 . 2009-10-10 07:48 -------- d-----w- c:\program files\MSECache
2009-10-10 07:43 . 2009-10-10 07:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-10 07:42 . 2009-10-10 07:42 -------- d-----w- c:\program files\Microsoft.NET
2009-10-10 07:35 . 2009-10-10 07:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-10 07:33 . 2009-10-10 07:33 -------- d-----w- c:\program files\7-Zip
2009-10-10 07:32 . 2009-10-10 07:32 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-29 20:54 . 2009-09-29 20:54 -------- d-----w- c:\program files\CONEXANT
2009-09-29 20:54 . 2009-09-29 20:54 -------- d-----w- c:\program files\IDT
2009-09-29 20:54 . 2009-09-29 20:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-29 20:54 . 2009-09-29 20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-09-29 20:54 . 2009-09-29 20:54 -------- d-----w- c:\program files\DellTPad
2009-09-29 16:49 . 2009-09-29 16:49 5400 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_E5400.mrk
2009-09-29 04:06 . 2009-10-06 05:38 -------- d-----w- c:\documents and settings\Aricent\Application Data\Wave Systems Corp
2009-09-29 04:06 . 2009-10-06 05:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2009-09-29 04:06 . 2009-09-29 03:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wave Systems Corp
2009-09-29 04:06 . 2009-09-29 04:06 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2009-09-29 04:05 . 2009-09-29 04:05 -------- d-----w- c:\program files\SRS Labs
2009-09-29 04:03 . 2009-09-29 04:03 -------- d-----w- c:\program files\Telespree
2009-09-29 04:03 . 2009-09-29 04:03 -------- d-----w- c:\program files\Common Files\Telespree
2009-09-29 04:03 . 2009-09-29 04:03 -------- d-----w- c:\program files\AT&T
2009-09-29 04:03 . 2009-09-29 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-09-29 04:00 . 2009-09-29 04:00 -------- d-----w- c:\program files\MSXML 6.0
2009-09-29 03:59 . 2009-10-06 05:38 -------- d-----w- c:\documents and settings\Aricent\Application Data\Broadcom
2009-09-29 03:59 . 2009-10-06 05:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Broadcom
2009-09-29 03:59 . 2009-09-29 03:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Broadcom
2009-09-29 03:59 . 2009-10-06 05:38 27264 ----a-w- c:\documents and settings\Aricent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 03:59 . 2009-09-29 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-09-29 03:58 . 2009-09-29 03:56 -------- d-----w- c:\program files\Wave Systems Corp
2009-09-29 03:58 . 2009-09-29 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Wave Systems Corp
2009-09-29 03:56 . 2009-09-29 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-29 03:55 . 2009-09-29 03:55 -------- d-----w- c:\program files\NTRU Cryptosystems
2009-09-29 03:55 . 2009-09-29 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NTRU Cryptosystems
2009-09-29 03:54 . 2009-09-29 03:45 -------- d-----w- c:\program files\Broadcom
2009-09-29 03:54 . 2009-09-29 03:54 -------- d-----w- c:\program files\Intel
2009-09-29 03:54 . 2009-09-29 03:54 -------- d-----w- c:\program files\NetWaiting
2009-09-29 03:53 . 2009-09-29 03:53 -------- d-----w- c:\program files\Digital Line Detect
2009-09-29 03:53 . 2009-10-06 05:38 -------- d-----w- c:\documents and settings\Aricent\Application Data\InstallShield
2009-09-29 03:53 . 2009-10-06 05:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-09-29 03:53 . 2009-09-29 03:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-09-29 03:53 . 2009-09-29 03:53 -------- d-----w- c:\program files\Modem Diagnostic Tool
2009-09-29 03:47 . 2009-10-06 05:38 11758 ----a-r- c:\documents and settings\Aricent\Application Data\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}\ARPPRODUCTICON.exe
2009-09-29 03:47 . 2009-10-06 05:38 11758 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}\ARPPRODUCTICON.exe
2009-09-29 03:47 . 2009-09-29 03:47 11758 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}\ARPPRODUCTICON.exe
2009-09-29 03:47 . 2009-09-29 03:47 -------- d-----w- c:\program files\Fingerprint Sensor
2009-09-29 03:47 . 2009-09-29 03:47 -------- d-----w- c:\program files\DIFX
2009-09-29 03:45 . 2009-10-06 05:38 365322 ----a-r- c:\documents and settings\Aricent\Application Data\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe
2009-09-29 03:45 . 2009-10-06 05:38 365322 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe
2009-09-29 03:45 . 2009-09-29 03:45 365322 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe
2009-09-29 03:45 . 2009-10-06 05:38 365322 ----a-r- c:\documents and settings\Aricent\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2009-09-29 03:45 . 2009-10-06 05:38 365322 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2009-09-29 03:45 . 2009-09-29 03:45 365322 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
2009-09-29 03:42 . 2009-09-29 03:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 03:41 . 2009-09-29 03:41 -------- d-----w- c:\program files\Java
2009-09-29 03:39 . 2009-10-06 05:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2009-09-29 03:39 . 2009-09-29 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-09-29 03:33 . 2009-09-29 03:33 -------- d-----w- c:\program files\MSXML 4.0
2009-09-29 03:30 . 2008-04-25 21:28 87643 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-11 14:18 . 2008-04-25 16:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-25 16:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-08-16 12:12 . 2008-08-16 12:12 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 12:12 . 2008-08-16 12:12 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 12:12 . 2008-08-16 12:12 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 12:12 . 2008-08-16 12:12 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 12:13 . 2008-08-16 12:13 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 12:12 . 2008-08-16 12:12 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 12:12 . 2008-08-16 12:12 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 03:11 . 2008-05-21 03:11 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 03:11 . 2008-05-21 03:11 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 03:11 . 2008-05-21 03:11 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 08:28 . 2008-06-05 08:28 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 12:12 . 2008-08-16 12:12 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e6570cd8-9978-4621-b1f9-6a62436f0466}"= "c:\program files\Softonic_VLC_EN\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6570cd8-9978-4621-b1f9-6a62436f0466}]
2009-07-15 04:39 2224152 ----a-w- c:\program files\Softonic_VLC_EN\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e6570cd8-9978-4621-b1f9-6a62436f0466}"= "c:\program files\Softonic_VLC_EN\tbSoft.dll" [2009-07-15 2224152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E6570CD8-9978-4621-B1F9-6A62436F0466}"= "c:\program files\Softonic_VLC_EN\tbSoft.dll" [2009-07-15 2224152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 04:33 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 04:33 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"WorldTime Clock"="c:\program files\WorldTime Clock\Clock.exe" [2009-07-16 343552]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"uTorrent"="c:\documents and settings\Aricent\Desktop\utorrent.exe" [2009-11-15 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-09-29 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-04-10 1810432]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-06-29 5071200]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"FixCamera"="c:\windows\FixCamera.exe" [2008-07-17 188928]
"tsnp2std"="c:\windows\tsnp2std.exe" [2008-08-08 274432]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-28 122880]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2005-12-12 874064]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Citrix XenApp.lnk - c:\windows\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2009-10-26 73728]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-28 50688]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2009-10-10 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Documents and Settings\\Aricent\\Application Data\\Aventail\\ewpca\\ewpca.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Aricent\\Desktop\\utorrent.exe"=

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 3:17 AM 1664248]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 1:38 AM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/29/2009 11:49 AM 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/29/2009 11:50 AM 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [9/28/2009 11:05 PM 232744]
S2 AppService;AppService;c:\program files\Aricent\Service\AppService.exe [10/31/2008 9:48 AM 28672]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:37 AM 320800]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 3:32 AM 447264]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2009-11-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 19:56]

2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{2531FEBE-5C6C-4C4C-A5AB-5032FEB8A4A2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 13:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=in&l=en&s=gen
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15153&l=dis
FF - component: c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Aricent\Application Data\Mozilla\Firefox\Profiles\0aodqk18.default\extensions\{6da12b8a-5a10-4b0c-9ecf-5bedd6fe7a00}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-kqoujwmd - c:\documents and settings\Aricent\Local Settings\Application Data\qcnhjl\jvfwsysguard.exe
HKLM-Run-kqoujwmd - c:\documents and settings\Aricent\Local Settings\Application Data\qcnhjl\jvfwsysguard.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E91170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7512f28
\Driver\ACPI -> ACPI.sys @ 0xf73a5cb8
\Driver\iaStor -> iaStor.sys @ 0xf728e6ae
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetXtreme 57xx Gigabit Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xf7162bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7151a0d
SendHandler -> NDIS.sys @ 0xf7165b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\windows\system32\WININET.dll
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1468)
c:\windows\system32\WININET.dll
c:\windows\system32\wvauth.dll
.
Completion time: 2009-11-19 19:20
ComboFix-quarantined-files.txt 2009-11-20 00:20

Pre-Run: 7,017,324,544 bytes free
Post-Run: 7,282,769,920 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 53F35C396C45C3CE1DF16624290D55AE

#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,807 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 November 2009 - 11:32 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open-heart surgery on yourself--the scalpel and other surgical tools that ComboFix represents are meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is through, s/he leaves the room. So ComboFix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer, people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



