Sysguard2010 aka AntiVirus System PRO


This topic is locked
8 replies to this topic

#1 aquilusdomini

Posted 30 November 2009 - 06:29 AM

OK, here we go...
The operating system is Windows Vista; the virus is sysguard2010 aka antivirus system pro.
Sysguard makes all these fake virus alerts pop up, and it also hijacked IE so that I can't get to any websites other than the 5 websites that came with the virus, which consist of 3 porno sites, 1 viagra site, and the antivirus system pro purchase site. At reboot, I'm able to kill the running process, which is gbfjsysguard.exe, and that prevents it from producing the fake alerts and making the 5 websites pop up; however, IE still can't be used to get to other websites. Right now I'm using AOL for internet browsing. Sysguard doesn't let the computer run in safe mode; it freezes it and sometimes won't even get that far. When safe mode is selected, a Frequency Out of Range window appears on the monitor. In other forums on how to manually remove the problem, they listed the registry keys that should exist and said to delete them. I cannot find them in the registry at all. Also, when the process to run the virus isn't killed, the virus prevents the use of most programs on the computer, including Notepad, anti-virus software, registry edit, and many others.
I read the guide on how to post to this area of the forum, but the RootRepeal program freezes when it gets to the file scanning and won't go any further. I do have the DDS logs though. Is it possible to work from just those? I really appreciate the time you guys take out to help; we technically challenged people are very, very thankful for those of you who know your way around a computer.

DDS log:


DDS (Ver_09-11-29.01) - NTFSx86
Run by Grr Argg at 4:57:38.92 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2021.841 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\FreezeScreenSaver.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\1176099075\ee\aolsoftware.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Web\Wallpaper\Wallery\DesktopSlideShow.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Grr Argg\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: MRI_DISABLED - No File
BHO: Browser Address Error Redirector - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Power2GoExpress]
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
uRun: [DesktopWallpaper] c:\windows\web\wallpaper\wallery\DesktopSlideShow.exe
uRun: [rsyfslwi] c:\users\grr argg\appdata\local\iwqyym\gbfjsysguard.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=55805&sp=0&questionSet=&r=9553674&width=600&height=440&quality=high"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HostManager] c:\program files\common files\aol\1176099075\ee\AOLSoftware.exe
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT GWY] "c:\program files\gateway\eztune\DTHtml.exe" -startup_folder
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [trioService] "c:\progra~1\freeze.com\3d falling leaves\\trioService.exe "
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\grrarg~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\grr argg\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com
Trusted Zone: blogspot.com\environmentalistsblog
Trusted Zone: deviantart.com\davidluna
Trusted Zone: deviantart.com\www
Trusted Zone: myspace.com\profile
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-22 214664]
R2 FreezeScreenSaver;FreezeScreenSaver;c:\windows\system32\FreezeScreenSaver.exe [2008-10-4 69632]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-22 144704]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-4-6 3379264]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2006-12-18 5504]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-22 40552]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-5-22 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-25 135664]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?]
S2 PremierOpinion;PremierOpinion;c:\program files\premieropinion\pmservice.exe /service --> c:\program files\premieropinion\pmservice.exe [?]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2007-4-6 14336]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-18 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-22 34248]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 0131251175870538mcinstcleanup;McAfee Application Installer Cleanup (0131251175870538);c:\windows\temp\013125~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\013125~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
S4 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
SUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-11-30 09:30:13 0 d-----w- c:\programdata\Cobian
2009-11-30 09:28:54 0 d-----w- c:\program files\Cobian Backup 9
2009-11-29 23:04:50 0 d-----w- c:\users\grrarg~1\appdata\roaming\Malwarebytes
2009-11-28 22:24:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 22:24:56 0 d-----w- c:\programdata\Malwarebytes
2009-11-28 22:24:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 22:24:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 08:00:48 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:01:43 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:01:42 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 21:01:40 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 07:14:23 14125 ----a-w- c:\users\grr argg\.recently-used.xbel
2009-11-23 08:02:59 535040 ----a-w- c:\windows\flashax.exe
2009-11-23 08:02:59 12288 ----a-w- c:\windows\impborl.dll
2009-11-23 08:02:59 0 d-----w- c:\windows\DarkTowerV dir
2009-11-23 07:35:00 887808 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-11-23 07:35:00 35105792 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-11-23 07:35:00 0 d-----w- c:\program files\Snow Village 3D Screensaver
2009-11-23 07:26:54 0 d-----w- c:\program files\Ask.com
2009-11-23 07:19:41 0 d-----w- c:\program files\ScenicReflections
2009-11-21 16:08:29 0 d-----w- c:\programdata\Real
2009-11-17 08:18:35 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:18:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:18:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 08:02:39 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 08:02:37 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 08:02:37 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 08:02:05 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 08:02:05 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 08:02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-17 08:02:02 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-17 08:02:00 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-11-17 08:02:00 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-17 08:00:18 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00:16 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-15 23:28:37 0 d-----w- c:\programdata\AOL Toolbar
2009-11-15 23:28:37 0 d-----w- c:\program files\AOL Toolbar
2009-11-15 23:28:31 0 d-----w- c:\program files\common files\Software Update Utility
2009-11-15 23:27:31 0 d-----w- c:\program files\AOL 9.5
2009-11-10 23:19:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:19:05 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 21:36:27 0 d-----w- c:\users\grr argg\oldgames
2009-11-07 21:35:35 0 d-----w- c:\program files\DOSBox-0.73
2009-11-04 08:02:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-11-17 08:18:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:18:30 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 08:18:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 08:18:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 14:38:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 14:38:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-10 06:03:50 12212051 ----a-w- c:\windows\Snowy Hut 3D Screensaver.scr
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-22 02:08:29 2499389 ----a-w- c:\windows\Ghostly Tomb.scr
2009-09-22 02:00:47 197120 ----a-w- c:\windows\system32\3-D Autumn Woods Demo.scr
2009-09-21 23:26:39 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2008-09-23 18:17:05 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 4:58:11.56 ===============


"The dead don't say 'no'."-unknown

#2 Buckeye_Sam (Malware Expert)

Posted 30 November 2009 - 10:59 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 aquilusdomini

Posted 01 December 2009 - 02:24 AM

Hi Sam, thanks for helping me out here :(
I'm sorry it's taken a while for me to reply.
I've run ComboFix, which made a few things happen to my user side of the computer:
the Recycle Bin emptied itself, and after the reboot, most of the programs I clicked on stated that an illegal operation had happened on a registry key slated for deletion, so I'm on the other user side of the computer right now, which works fine.
Yesterday morning I found the file location of the sysguard and deleted its file, but the virus seems to still be present because Internet Explorer still returns a message saying that it cannot connect to webpages.
Below is the ComboFix log:

ComboFix 09-11-30.02 - Grr Argg 12/01/2009 1:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2021.1035 [GMT -5:00]
Running from: c:\users\Grr Argg\Desktop\ComboFix.exe
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4278196236-3910043076-1921008887-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_FreezeScreenSaver
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 06:51 . 2009-12-01 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-01 06:51 . 2009-12-01 06:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-12-01 06:51 . 2009-12-01 06:51 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-11-30 09:30 . 2009-11-30 09:30 -------- d-----w- c:\programdata\Cobian
2009-11-30 09:28 . 2009-11-30 09:30 4096 d-----w- c:\program files\Cobian Backup 9
2009-11-29 23:04 . 2009-11-29 23:04 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\Malwarebytes
2009-11-28 22:24 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 22:24 . 2009-11-28 22:24 -------- d-----w- c:\programdata\Malwarebytes
2009-11-28 22:24 . 2009-11-29 23:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 22:24 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:51 . 2009-11-30 00:40 439816 ----a-w- c:\users\Grr Argg\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-25 08:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:01 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:01 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 08:59 . 2009-11-24 08:59 81920 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 08:59 . 2009-11-24 08:59 151552 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 08:59 . 2009-11-24 08:59 1153816 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 08:59 . 2009-11-24 08:59 1609732 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 08:59 . 2009-11-24 08:59 -------- d-----w- c:\users\Owner\AppData\Roaming\animatedscreensaver
2009-11-24 08:58 . 2009-11-24 08:58 -------- d-----w- c:\users\Owner\AppData\Roaming\TERMINAL Studio
2009-11-23 08:02 . 2009-11-23 08:03 -------- d-----w- c:\windows\DarkTowerV dir
2009-11-23 08:02 . 2009-11-23 08:02 535040 ----a-w- c:\windows\flashax.exe
2009-11-23 08:02 . 2009-11-23 08:02 12288 ----a-w- c:\windows\impborl.dll
2009-11-23 07:35 . 2009-11-23 07:35 4096 d-----w- c:\program files\Snow Village 3D Screensaver
2009-11-23 07:35 . 2009-01-09 17:09 35105792 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-11-23 07:35 . 2009-01-09 15:52 887808 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-11-23 07:26 . 2009-11-23 07:26 4096 d-----w- c:\program files\Ask.com
2009-11-23 07:19 . 2009-11-23 07:26 -------- d-----w- c:\program files\ScenicReflections
2009-11-22 00:08 . 2009-11-22 00:09 17237488 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-22 00:08 . 2009-11-22 00:08 8405312 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 149000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-22 00:08 . 2009-11-22 00:08 10309448 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 79368 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-22 00:08 . 2009-11-22 00:08 64000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-22 00:08 . 2009-11-22 00:08 52288 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 50688 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 118784 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-21 16:08 . 2009-11-21 16:08 439816 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-17 08:18 . 2009-11-17 08:18 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 08:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 08:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 08:02 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 08:02 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 08:02 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-17 08:02 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-17 08:02 . 2009-09-25 01:33 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-11-17 08:02 . 2009-09-24 22:54 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-17 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 22:36 . 2009-11-16 22:36 -------- d-----w- c:\users\Owner\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 4096 d-----w- c:\program files\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\programdata\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\users\Grr Argg\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-15 23:27 . 2009-11-15 23:30 16384 d-----w- c:\program files\AOL 9.5
2009-11-15 23:23 . 2009-11-15 23:23 43732816 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\setup.exe
2009-11-15 23:23 . 2009-11-15 23:23 42960 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\noneCodesignFilesBundle.exe
2009-11-10 23:19 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:19 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 21:36 . 2009-11-07 21:47 -------- d-----w- c:\users\Grr Argg\oldgames
2009-11-07 21:35 . 2009-11-07 21:35 4096 d-----w- c:\program files\DOSBox-0.73
2009-11-07 19:52 . 2009-11-07 20:04 -------- d-----w- c:\users\Grr Argg\AppData\Local\DOSBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 06:22 . 2008-03-31 00:04 4096 d-----w- c:\programdata\Google Updater
2009-11-30 13:45 . 2007-04-06 14:47 83480 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 08:10 . 2007-04-06 15:06 -------- d-----w- c:\program files\Trend Micro
2009-11-30 08:10 . 2007-04-06 23:35 83480 ----a-w- c:\users\Grr Argg\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 05:49 . 2006-12-18 17:20 4096 d-----w- c:\program files\Google
2009-11-24 22:54 . 2008-11-19 22:49 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 22:54 . 2008-11-19 22:49 1609732 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 22:54 . 2008-11-19 22:49 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 22:54 . 2008-11-19 22:49 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 07:14 . 2009-05-16 21:11 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\gtk-2.0
2009-11-17 08:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 04:45 . 2007-04-09 17:23 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
2009-11-16 04:40 . 2007-04-09 06:11 4096 d-----w- c:\programdata\AOL
2009-11-15 23:29 . 2007-04-09 06:16 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\AOL
2009-11-15 23:29 . 2007-04-09 06:11 4096 d-----w- c:\program files\Common Files\AOL
2009-11-15 23:27 . 2007-04-09 06:15 4096 d-----w- c:\program files\Common Files\aolshare
2009-11-15 23:23 . 2007-04-11 03:19 -------- d-----w- c:\programdata\AOL Downloads
2009-11-11 08:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 08:04 . 2006-12-18 17:18 8192 d-----w- c:\programdata\Microsoft Help
2009-11-09 17:37 . 2007-12-03 11:45 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 19:28 . 2009-03-18 01:35 4096 d-----w- c:\program files\Modern Age Books
2009-10-28 15:33 . 2009-10-28 15:33 4096 d-----w- c:\program files\Savings Bond Wizard
2009-10-28 14:38 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 14:38 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-20 03:31 . 2006-12-18 17:15 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 03:31 . 2009-05-07 19:56 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-10-15 07:02 . 2006-12-18 17:19 28672 d-----w- c:\program files\Microsoft Works
2009-10-10 06:03 . 2009-10-10 06:03 12212051 ----a-w- c:\windows\Snowy Hut 3D Screensaver.scr
2009-10-01 01:02 . 2009-11-17 08:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 08:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 08:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 08:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 08:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 08:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-17 08:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-09-25 02:10 . 2009-11-17 08:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 08:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 08:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 08:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 08:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 08:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 08:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 08:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 08:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:32 . 2009-11-17 08:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 08:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 08:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 08:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 08:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 08:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 08:01 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 08:01 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 08:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 08:01 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 08:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 08:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-22 02:08 . 2009-09-22 02:08 2499389 ----a-w- c:\windows\Ghostly Tomb.scr
2009-09-22 02:00 . 2009-09-22 02:00 197120 ----a-w- c:\windows\system32\3-D Autumn Woods Demo.scr
2009-09-22 01:01 . 2008-10-04 21:05 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\screensavercontoller.dll
2009-09-22 01:01 . 2008-10-04 21:05 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\sysinfo.exe
2009-09-22 01:01 . 2008-10-04 21:05 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\flash.exe
2009-09-22 01:01 . 2008-10-04 21:05 1638404 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\swfplayer.exe
2009-09-16 14:22 . 2009-03-22 07:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-03-22 07:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-03-22 07:48 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-14 11:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 11:07 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 19:45 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-14 11:05 60928 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"DesktopWallpaper"="c:\windows\Web\Wallpaper\Wallery\DesktopSlideShow.exe" [2008-06-10 438272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trioService"="c:\progra~1\Freeze.com\3D Falling Leaves\\trioService.exe " [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HostManager"="c:\program files\Common Files\AOL\1176099075\ee\AOLSoftware.exe" [2009-07-20 41264]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="c:\program files\Gateway\EzTune\DTHtml.exe" [2007-03-20 281600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-01 3032800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 185896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-02 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0131251175870538mcinstcleanup"=2 (0x2)
"AlertService"=2 (0x2)
"DQLWinService"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"IAANTMON"=2 (0x2)
"ISSM"=2 (0x2)
"M1 Server"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"PrismXL"=2 (0x2)
"Remote UI Service"=2 (0x2)
"STacSV"=2 (0x2)
"XAudioService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e1,d6,40,45,15,3b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-500]
"EnableNotificationsRef"=dword:00000002

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 6:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [12/18/2006 12:09 PM 5504]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [5/22/2007 3:23 PM 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2009 12:46 AM 135664]
S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\System32\drivers\BEFCMU10V4XP.sys [4/6/2007 3:14 PM 14336]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/11/2008 12:10 AM 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2006 12:20 PM 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
S4 0131251175870538mcinstcleanup;McAfee Application Installer Cleanup (0131251175870538);c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 12:03 PM 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 12:52]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-11-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-05-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A8076C99-D2A1-440E-AA3A-2515C5FFD67B}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-11-30 c:\windows\Tasks\User_Feed_Synchronization-{ABFB7471-F860-4209-B393-A8100507B147}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com
Trusted Zone: blogspot.com\environmentalistsblog
Trusted Zone: deviantart.com\davidluna
Trusted Zone: deviantart.com\www
Trusted Zone: myspace.com\profile
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
HKCU-Run-rsyfslwi - c:\users\Grr Argg\AppData\Local\iwqyym\gbfjsysguard.exe
HKCU-Run-Power2GoExpress - (no file)
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Autumn Pumkins - c:\windows\DWUninst.exe Autumn Pumkins
AddRemove-CanonMyPrinter - c:\program files\Canon\MyPrinter\uninst.exe uninst.ini
AddRemove-Easy-PhotoPrint - c:\program files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
AddRemove-File Recover_is1 - h:\file recover\unins000.exe
AddRemove-Microsoft Picture It! - c:\program files\Microsoft Picture It!\Setup\setup.exe
AddRemove-MySpaceIM - c:\program files\MySpace\IM\Uninstall.exe
AddRemove-PictureItSuiteTrial_v12 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=12
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-SecondLife - c:\program files\SecondLife\uninst.exe
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe uninstall
AddRemove-UndeletePlus_is1 - h:\undeleteplus\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 01:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5480)
c:\program files\Portrait Displays\Pivot Software\winphook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\ehmsas.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.5\shellmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2009-12-01 02:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-01 07:05

Pre-Run: 270,543,114,240 bytes free
Post-Run: 270,510,608,384 bytes free

- - End Of File - - 687A7C180E3F0AD7C703067CBEEC8AFD
"The dead don't say 'no'." - unknown

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:35 AM

Posted 01 December 2009 - 08:16 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Reboot your computer and check IE to see if you're still having problems connecting.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
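A defender-side way to pull the two indicators this post acts on (the ProxyServer entry pointing at the loopback address, and the Run value that launches gbfjsysguard.exe from under AppData\Local) out of a ComboFix log, and to emit the DDS:: block in the form the post shows. This is an added example, not code from the thread or from ComboFix: the sample lines are constructed from values quoted in the log above, and the CFScript format is reproduced only as far as the post demonstrates it.

```python
"""Flag a loopback IE proxy and user-profile autoruns in ComboFix output (added example)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in ComboFix's own line format, using values quoted in the log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
HKCU-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
HKCU-Run-rsyfslwi - c:\users\Grr Argg\AppData\Local\iwqyym\gbfjsysguard.exe
HKCU-Run-Power2GoExpress - (no file)
""".strip("\n")

# "uInternet Settings,ProxyServer = http=127.0.0.1:5555" -> host and port
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)", re.I)
# "HKCU-Run-<name> - <target>" and "HKU-Default-Run-<name> - <target>"
RUN_RE = re.compile(r"^(HK\w+(?:-\w+)?)-Run-(\S+)\s+-\s+(.+)$", re.I)
# Locations writable without elevation; an autorun pointing at an executable there
# deserves a look (assumption: legitimately installed software rarely lives there).
USER_WRITABLE = re.compile(r"\\AppData\\(Local|Roaming)\\|\\Temp\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|dll|scr|com|bat|cmd)$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str   # "localhost_proxy" or "user_profile_autorun"
    line: str   # the log line that triggered the finding
    note: str


def _is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP; hostnames that are not IPs are not flagged."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def scan_combofix(text: str) -> list[Finding]:
    """Return findings for a loopback IE proxy and for autoruns under the user profile."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m and _is_loopback(m.group(1)):
            findings.append(Finding(
                "localhost_proxy", line,
                f"IE proxy points at {m.group(1)}:{m.group(2)}; browsing is relayed through a local process"))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group(3)
            if USER_WRITABLE.search(target) and EXECUTABLE.search(target):
                findings.append(Finding(
                    "user_profile_autorun", line,
                    f"{m.group(1)} Run value '{m.group(2)}' starts {target}"))
    return findings


def build_cfscript(text: str) -> str:
    """Emit the CFScript the post describes: a DDS:: block listing the proxy lines to clear.

    Only the form shown in the post is reproduced (DDS:: followed by the ProxyOverride and
    ProxyServer lines); no other ComboFix directives are assumed. Returns "" when there is
    no loopback proxy to clear.
    """
    proxy_lines = [f.line for f in scan_combofix(text) if f.kind == "localhost_proxy"]
    if not proxy_lines:
        return ""
    override = [l.strip() for l in text.splitlines()
                if l.strip().lower().startswith("uinternet settings,proxyoverride")]
    return "\n".join(["DDS::", *override, *proxy_lines]) + "\n"


if __name__ == "__main__":
    for f in scan_combofix(SAMPLE_LOG):
        print(f"[{f.kind}] {f.note}")
    print(build_cfscript(SAMPLE_LOG), end="")
```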


========================================================

#5 aquilusdomini

aquilusdomini
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Location:Jackson, MI
  • Local time:02:35 AM

Posted 01 December 2009 - 06:32 PM

Internet Explorer is working fine now; everything seems like it's back to normal.
Here's the ComboFix log:

ComboFix 09-12-01.01 - Grr Argg 12/01/2009 18:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2021.1097 [GMT -5:00]
Running from: c:\users\Grr Argg\Desktop\ComboFix.exe
Command switches used :: c:\users\Grr Argg\Desktop\CFScript.txt
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-30 09:30 . 2009-11-30 09:30 -------- d-----w- c:\programdata\Cobian
2009-11-30 09:28 . 2009-11-30 09:30 4096 d-----w- c:\program files\Cobian Backup 9
2009-11-29 23:04 . 2009-11-29 23:04 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\Malwarebytes
2009-11-28 22:24 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 22:24 . 2009-11-28 22:24 -------- d-----w- c:\programdata\Malwarebytes
2009-11-28 22:24 . 2009-11-29 23:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 22:24 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:51 . 2009-11-30 00:40 439816 ----a-w- c:\users\Grr Argg\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-25 08:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:01 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:01 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 08:59 . 2009-11-24 08:59 81920 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 08:59 . 2009-11-24 08:59 151552 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 08:59 . 2009-11-24 08:59 1153816 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 08:59 . 2009-11-24 08:59 1609732 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 08:59 . 2009-11-24 08:59 -------- d-----w- c:\users\Owner\AppData\Roaming\animatedscreensaver
2009-11-24 08:58 . 2009-11-24 08:58 -------- d-----w- c:\users\Owner\AppData\Roaming\TERMINAL Studio
2009-11-23 08:02 . 2009-11-23 08:03 -------- d-----w- c:\windows\DarkTowerV dir
2009-11-23 08:02 . 2009-11-23 08:02 535040 ----a-w- c:\windows\flashax.exe
2009-11-23 08:02 . 2009-11-23 08:02 12288 ----a-w- c:\windows\impborl.dll
2009-11-23 07:35 . 2009-11-23 07:35 4096 d-----w- c:\program files\Snow Village 3D Screensaver
2009-11-23 07:35 . 2009-01-09 17:09 35105792 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-11-23 07:35 . 2009-01-09 15:52 887808 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-11-23 07:26 . 2009-11-23 07:26 4096 d-----w- c:\program files\Ask.com
2009-11-23 07:19 . 2009-11-23 07:26 -------- d-----w- c:\program files\ScenicReflections
2009-11-22 00:08 . 2009-11-22 00:09 17237488 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-22 00:08 . 2009-11-22 00:08 8405312 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 149000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-22 00:08 . 2009-11-22 00:08 10309448 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 79368 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-22 00:08 . 2009-11-22 00:08 64000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-22 00:08 . 2009-11-22 00:08 52288 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 50688 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 118784 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-21 16:08 . 2009-12-01 16:08 439816 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-17 08:18 . 2009-11-17 08:18 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 08:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 08:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 08:02 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 08:02 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 08:02 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-17 08:02 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-17 08:02 . 2009-09-25 01:33 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-11-17 08:02 . 2009-09-24 22:54 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-17 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 22:36 . 2009-11-16 22:36 -------- d-----w- c:\users\Owner\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 4096 d-----w- c:\program files\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\programdata\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\users\Grr Argg\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-15 23:27 . 2009-11-15 23:30 16384 d-----w- c:\program files\AOL 9.5
2009-11-15 23:23 . 2009-11-15 23:23 43732816 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\setup.exe
2009-11-15 23:23 . 2009-11-15 23:23 42960 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\noneCodesignFilesBundle.exe
2009-11-10 23:19 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:19 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 21:36 . 2009-11-07 21:47 -------- d-----w- c:\users\Grr Argg\oldgames
2009-11-07 21:35 . 2009-11-07 21:35 4096 d-----w- c:\program files\DOSBox-0.73
2009-11-07 19:52 . 2009-11-07 20:04 -------- d-----w- c:\users\Grr Argg\AppData\Local\DOSBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 06:22 . 2008-03-31 00:04 4096 d-----w- c:\programdata\Google Updater
2009-11-30 13:45 . 2007-04-06 14:47 83480 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 08:10 . 2007-04-06 15:06 -------- d-----w- c:\program files\Trend Micro
2009-11-30 08:10 . 2007-04-06 23:35 83480 ----a-w- c:\users\Grr Argg\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 05:49 . 2006-12-18 17:20 4096 d-----w- c:\program files\Google
2009-11-24 22:54 . 2008-11-19 22:49 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 22:54 . 2008-11-19 22:49 1609732 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 22:54 . 2008-11-19 22:49 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 22:54 . 2008-11-19 22:49 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 07:14 . 2009-05-16 21:11 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\gtk-2.0
2009-11-17 08:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 04:45 . 2007-04-09 17:23 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
2009-11-16 04:40 . 2007-04-09 06:11 4096 d-----w- c:\programdata\AOL
2009-11-15 23:29 . 2007-04-09 06:16 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\AOL
2009-11-15 23:29 . 2007-04-09 06:11 4096 d-----w- c:\program files\Common Files\AOL
2009-11-15 23:27 . 2007-04-09 06:15 4096 d-----w- c:\program files\Common Files\aolshare
2009-11-15 23:23 . 2007-04-11 03:19 -------- d-----w- c:\programdata\AOL Downloads
2009-11-11 08:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 08:04 . 2006-12-18 17:18 8192 d-----w- c:\programdata\Microsoft Help
2009-11-09 17:37 . 2007-12-03 11:45 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 19:28 . 2009-03-18 01:35 4096 d-----w- c:\program files\Modern Age Books
2009-10-28 15:33 . 2009-10-28 15:33 4096 d-----w- c:\program files\Savings Bond Wizard
2009-10-28 14:38 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 14:38 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-20 03:31 . 2006-12-18 17:15 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 03:31 . 2009-05-07 19:56 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-10-15 07:02 . 2006-12-18 17:19 28672 d-----w- c:\program files\Microsoft Works
2009-10-10 06:03 . 2009-10-10 06:03 12212051 ----a-w- c:\windows\Snowy Hut 3D Screensaver.scr
2009-10-01 01:02 . 2009-11-17 08:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 08:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 08:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 08:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 08:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 08:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-17 08:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-09-25 02:10 . 2009-11-17 08:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 08:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 08:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 08:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 08:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 08:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 08:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 08:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 08:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:32 . 2009-11-17 08:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 08:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 08:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 08:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 08:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 08:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 08:01 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 08:01 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 08:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 08:01 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 08:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 08:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-22 02:08 . 2009-09-22 02:08 2499389 ----a-w- c:\windows\Ghostly Tomb.scr
2009-09-22 02:00 . 2009-09-22 02:00 197120 ----a-w- c:\windows\system32\3-D Autumn Woods Demo.scr
2009-09-22 01:01 . 2008-10-04 21:05 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\screensavercontoller.dll
2009-09-22 01:01 . 2008-10-04 21:05 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\sysinfo.exe
2009-09-22 01:01 . 2008-10-04 21:05 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\flash.exe
2009-09-22 01:01 . 2008-10-04 21:05 1638404 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\swfplayer.exe
2009-09-16 14:22 . 2009-03-22 07:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-03-22 07:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-03-22 07:48 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-14 11:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 11:07 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 19:45 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-14 11:05 60928 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"DesktopWallpaper"="c:\windows\Web\Wallpaper\Wallery\DesktopSlideShow.exe" [2008-06-10 438272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trioService"="c:\progra~1\Freeze.com\3D Falling Leaves\\trioService.exe " [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HostManager"="c:\program files\Common Files\AOL\1176099075\ee\AOLSoftware.exe" [2009-07-20 41264]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="c:\program files\Gateway\EzTune\DTHtml.exe" [2007-03-20 281600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-01 3032800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 185896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-02 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0131251175870538mcinstcleanup"=2 (0x2)
"AlertService"=2 (0x2)
"DQLWinService"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"IAANTMON"=2 (0x2)
"ISSM"=2 (0x2)
"M1 Server"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"PrismXL"=2 (0x2)
"Remote UI Service"=2 (0x2)
"STacSV"=2 (0x2)
"XAudioService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e1,d6,40,45,15,3b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-500]
"EnableNotificationsRef"=dword:00000002

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 6:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [12/18/2006 12:09 PM 5504]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [5/22/2007 3:23 PM 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2009 12:46 AM 135664]
S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\System32\drivers\BEFCMU10V4XP.sys [4/6/2007 3:14 PM 14336]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/11/2008 12:10 AM 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2006 12:20 PM 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
S4 0131251175870538mcinstcleanup;McAfee Application Installer Cleanup (0131251175870538);c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 12:03 PM 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 12:52]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-12-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-05-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A8076C99-D2A1-440E-AA3A-2515C5FFD67B}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{ABFB7471-F860-4209-B393-A8100507B147}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com
Trusted Zone: blogspot.com\environmentalistsblog
Trusted Zone: deviantart.com\davidluna
Trusted Zone: deviantart.com\www
Trusted Zone: myspace.com\profile
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 18:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3528)
c:\program files\Portrait Displays\Pivot Software\winphook.dll
.
Completion time: 2009-12-01 18:22
ComboFix-quarantined-files.txt 2009-12-01 23:22
ComboFix2.txt 2009-12-01 07:05

Pre-Run: 266,333,282,304 bytes free
Post-Run: 266,327,257,088 bytes free

- - End Of File - - C190D527082AA7EE4EC7C627FF96D58C
"The dead don't say 'no'."-unknown

#6 aquilusdomini
  • Topic Starter

  • Members
  • 8 posts
  • Location:Jackson, MI
  • Local time:02:35 AM

Posted 01 December 2009 - 06:40 PM

There's an emoticon in the log! :huh:
Sorry about that, I really don't know why a smiley face showed up, but I'm disabling the emoticons
and I'll post the ComboFix log again.
And once again, thanks for helping me; I don't know what I would have done if it weren't for volunteers like you.

ComboFix log:

ComboFix 09-12-01.01 - Grr Argg 12/01/2009 18:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2021.1097 [GMT -5:00]
Running from: c:\users\Grr Argg\Desktop\ComboFix.exe
Command switches used :: c:\users\Grr Argg\Desktop\CFScript.txt
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-12-01 23:17 . 2009-12-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-30 09:30 . 2009-11-30 09:30 -------- d-----w- c:\programdata\Cobian
2009-11-30 09:28 . 2009-11-30 09:30 4096 d-----w- c:\program files\Cobian Backup 9
2009-11-29 23:04 . 2009-11-29 23:04 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\Malwarebytes
2009-11-28 22:24 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 22:24 . 2009-11-28 22:24 -------- d-----w- c:\programdata\Malwarebytes
2009-11-28 22:24 . 2009-11-29 23:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 22:24 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:51 . 2009-11-30 00:40 439816 ----a-w- c:\users\Grr Argg\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-25 08:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:01 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:01 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 08:59 . 2009-11-24 08:59 81920 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 08:59 . 2009-11-24 08:59 151552 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 08:59 . 2009-11-24 08:59 1153816 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 08:59 . 2009-11-24 08:59 1609732 ----a-w- c:\users\Owner\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 08:59 . 2009-11-24 08:59 -------- d-----w- c:\users\Owner\AppData\Roaming\animatedscreensaver
2009-11-24 08:58 . 2009-11-24 08:58 -------- d-----w- c:\users\Owner\AppData\Roaming\TERMINAL Studio
2009-11-23 08:02 . 2009-11-23 08:03 -------- d-----w- c:\windows\DarkTowerV dir
2009-11-23 08:02 . 2009-11-23 08:02 535040 ----a-w- c:\windows\flashax.exe
2009-11-23 08:02 . 2009-11-23 08:02 12288 ----a-w- c:\windows\impborl.dll
2009-11-23 07:35 . 2009-11-23 07:35 4096 d-----w- c:\program files\Snow Village 3D Screensaver
2009-11-23 07:35 . 2009-01-09 17:09 35105792 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-11-23 07:35 . 2009-01-09 15:52 887808 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-11-23 07:26 . 2009-11-23 07:26 4096 d-----w- c:\program files\Ask.com
2009-11-23 07:19 . 2009-11-23 07:26 -------- d-----w- c:\program files\ScenicReflections
2009-11-22 00:08 . 2009-11-22 00:09 17237488 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-22 00:08 . 2009-11-22 00:08 8405312 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 149000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-22 00:08 . 2009-11-22 00:08 10309448 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-22 00:08 . 2009-11-22 00:08 79368 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-22 00:08 . 2009-11-22 00:08 64000 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-22 00:08 . 2009-11-22 00:08 52288 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 50688 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-22 00:08 . 2009-11-22 00:08 118784 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-21 16:08 . 2009-12-01 16:08 439816 ----a-w- c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-17 08:18 . 2009-11-17 08:18 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 08:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 08:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 08:02 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 08:02 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 08:02 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-17 08:02 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-17 08:02 . 2009-09-25 01:33 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-11-17 08:02 . 2009-09-24 22:54 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-17 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 22:36 . 2009-11-16 22:36 -------- d-----w- c:\users\Owner\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 4096 d-----w- c:\program files\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\programdata\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\users\Grr Argg\AppData\Local\AOL Toolbar
2009-11-15 23:28 . 2009-11-15 23:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-15 23:27 . 2009-11-15 23:30 16384 d-----w- c:\program files\AOL 9.5
2009-11-15 23:23 . 2009-11-15 23:23 43732816 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\setup.exe
2009-11-15 23:23 . 2009-11-15 23:23 42960 ----a-w- c:\programdata\AOL Downloads\waol_single\4337.155.1.1\noneCodesignFilesBundle.exe
2009-11-10 23:19 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:19 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 21:36 . 2009-11-07 21:47 -------- d-----w- c:\users\Grr Argg\oldgames
2009-11-07 21:35 . 2009-11-07 21:35 4096 d-----w- c:\program files\DOSBox-0.73
2009-11-07 19:52 . 2009-11-07 20:04 -------- d-----w- c:\users\Grr Argg\AppData\Local\DOSBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 06:22 . 2008-03-31 00:04 4096 d-----w- c:\programdata\Google Updater
2009-11-30 13:45 . 2007-04-06 14:47 83480 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 08:10 . 2007-04-06 15:06 -------- d-----w- c:\program files\Trend Micro
2009-11-30 08:10 . 2007-04-06 23:35 83480 ----a-w- c:\users\Grr Argg\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 05:49 . 2006-12-18 17:20 4096 d-----w- c:\program files\Google
2009-11-24 22:54 . 2008-11-19 22:49 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\screensavercontoller.dll
2009-11-24 22:54 . 2008-11-19 22:49 1609732 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\swfplayer.exe
2009-11-24 22:54 . 2008-11-19 22:49 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\sysinfo.exe
2009-11-24 22:54 . 2008-11-19 22:49 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\animatedscreensaver\xmassfireplace_screensaver\flash.exe
2009-11-24 07:14 . 2009-05-16 21:11 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\gtk-2.0
2009-11-17 08:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:18 . 2009-11-17 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 04:45 . 2007-04-09 17:23 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
2009-11-16 04:40 . 2007-04-09 06:11 4096 d-----w- c:\programdata\AOL
2009-11-15 23:29 . 2007-04-09 06:16 -------- d-----w- c:\users\Grr Argg\AppData\Roaming\AOL
2009-11-15 23:29 . 2007-04-09 06:11 4096 d-----w- c:\program files\Common Files\AOL
2009-11-15 23:27 . 2007-04-09 06:15 4096 d-----w- c:\program files\Common Files\aolshare
2009-11-15 23:23 . 2007-04-11 03:19 -------- d-----w- c:\programdata\AOL Downloads
2009-11-11 08:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 08:04 . 2006-12-18 17:18 8192 d-----w- c:\programdata\Microsoft Help
2009-11-09 17:37 . 2007-12-03 11:45 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 19:28 . 2009-03-18 01:35 4096 d-----w- c:\program files\Modern Age Books
2009-10-28 15:33 . 2009-10-28 15:33 4096 d-----w- c:\program files\Savings Bond Wizard
2009-10-28 14:38 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 14:38 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-20 03:31 . 2006-12-18 17:15 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 03:31 . 2009-05-07 19:56 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-10-15 07:02 . 2006-12-18 17:19 28672 d-----w- c:\program files\Microsoft Works
2009-10-10 06:03 . 2009-10-10 06:03 12212051 ----a-w- c:\windows\Snowy Hut 3D Screensaver.scr
2009-10-01 01:02 . 2009-11-17 08:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 08:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 08:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 08:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 08:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 08:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-17 08:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-09-25 02:10 . 2009-11-17 08:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 08:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 08:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 08:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 08:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 08:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 08:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 08:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 08:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:32 . 2009-11-17 08:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 08:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 08:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 08:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 08:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 08:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 08:01 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 08:01 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 08:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 08:01 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 08:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 08:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-22 02:08 . 2009-09-22 02:08 2499389 ----a-w- c:\windows\Ghostly Tomb.scr
2009-09-22 02:00 . 2009-09-22 02:00 197120 ----a-w- c:\windows\system32\3-D Autumn Woods Demo.scr
2009-09-22 01:01 . 2008-10-04 21:05 81920 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\screensavercontoller.dll
2009-09-22 01:01 . 2008-10-04 21:05 151552 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\sysinfo.exe
2009-09-22 01:01 . 2008-10-04 21:05 1153816 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\flash.exe
2009-09-22 01:01 . 2008-10-04 21:05 1638404 ----a-w- c:\users\Grr Argg\AppData\Roaming\elefundesktops\thegreatlake_screensaver\swfplayer.exe
2009-09-16 14:22 . 2009-03-22 07:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-03-22 07:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-03-22 07:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-03-22 07:48 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-14 11:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 11:07 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 19:45 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-14 11:05 60928 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"DesktopWallpaper"="c:\windows\Web\Wallpaper\Wallery\DesktopSlideShow.exe" [2008-06-10 438272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trioService"="c:\progra~1\Freeze.com\3D Falling Leaves\\trioService.exe " [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HostManager"="c:\program files\Common Files\AOL\1176099075\ee\AOLSoftware.exe" [2009-07-20 41264]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="c:\program files\Gateway\EzTune\DTHtml.exe" [2007-03-20 281600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-01 3032800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 185896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-02 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0131251175870538mcinstcleanup"=2 (0x2)
"AlertService"=2 (0x2)
"DQLWinService"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"IAANTMON"=2 (0x2)
"ISSM"=2 (0x2)
"M1 Server"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"PrismXL"=2 (0x2)
"Remote UI Service"=2 (0x2)
"STacSV"=2 (0x2)
"XAudioService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e1,d6,40,45,15,3b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-500]
"EnableNotificationsRef"=dword:00000002

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 6:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [12/18/2006 12:09 PM 5504]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [5/22/2007 3:23 PM 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2009 12:46 AM 135664]
S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\System32\drivers\BEFCMU10V4XP.sys [4/6/2007 3:14 PM 14336]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/11/2008 12:10 AM 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2006 12:20 PM 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
S4 0131251175870538mcinstcleanup;McAfee Application Installer Cleanup (0131251175870538);c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 12:03 PM 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 12:52]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:46]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-12-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-05-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A8076C99-D2A1-440E-AA3A-2515C5FFD67B}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{ABFB7471-F860-4209-B393-A8100507B147}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5420
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Grr Argg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com
Trusted Zone: blogspot.com\environmentalistsblog
Trusted Zone: deviantart.com\davidluna
Trusted Zone: deviantart.com\www
Trusted Zone: myspace.com\profile
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 18:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PTW0312\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM00A1\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\TCLF712\4&325f8be7&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3528)
c:\program files\Portrait Displays\Pivot Software\winphook.dll
.
Completion time: 2009-12-01 18:22
ComboFix-quarantined-files.txt 2009-12-01 23:22
ComboFix2.txt 2009-12-01 07:05

Pre-Run: 266,333,282,304 bytes free
Post-Run: 266,327,257,088 bytes free

- - End Of File - - C190D527082AA7EE4EC7C627FF96D58C
"The dead don't say 'no'."-unknown
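An added example, not code from this thread or from ComboFix: a small Python triage script that parses the autostart (`"name"="command" [info]`) and service (`S2 name;description;command [info]`) lines in the "Reg Loading Points" format of the log above and flags the entries a responder would look at first. The assumptions are mine: the trailing `[X]` tag is read as "file not found on disk" and `[?]` as "file could not be inspected" (ComboFix's usual convention), the regular expressions are my own, and the list of user-writable directories is an illustrative choice. The sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: autostart and service lines in ComboFix's
# "Reg Loading Points" format, copied from the log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trioService"="c:\progra~1\Freeze.com\3D Falling Leaves\\trioService.exe " [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]
S4 0131251175870538mcinstcleanup;McAfee Application Installer Cleanup (0131251175870538);c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\013125~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
'''

# Assumed line shapes (my own regexes, not ComboFix's):
#   "name"="command line" [date size | X | ?]
#   S2 svcname;description;command line [date size | X | ?]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)" \[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<cmd>.*) \[(?P<info>[^\]]*)\]$')

# Illustrative list of locations an ordinary user can write to; an autostart
# image living here deserves a second look even when the file exists.
WRITABLE_DIRS = ("\\temp\\", "\\users\\", "\\appdata\\", "\\programdata\\")


@dataclass
class Finding:
    kind: str        # "run" (Run key value) or "service"
    name: str        # value name or service name
    command: str     # full command line as logged
    reasons: tuple   # why it was flagged


def first_exe(cmd):
    """Lower-cased image path at the start of an unquoted command line.
    Paths contain spaces, so cut at the first .exe/.dll/.sys/.scr token that is
    followed by whitespace or end of string, not at the first space."""
    m = re.match(r'^\s*(.*?\.(?:exe|dll|sys|scr))(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1).lower() if m else cmd.strip().lower()


def assess(kind, name, cmd, info):
    """Return a Finding for a suspicious entry, or None for an unremarkable one."""
    reasons = []
    if info == "X":
        reasons.append("file not found on disk (dangling autostart)")   # assumed meaning of [X]
    elif info == "?":
        reasons.append("no file info (image could not be inspected)")   # assumed meaning of [?]
    exe = first_exe(cmd)
    if any(d in exe for d in WRITABLE_DIRS):
        reasons.append("image in a user-writable location: " + exe)
    return Finding(kind, name, cmd.strip(), tuple(reasons)) if reasons else None


def triage(log_text):
    """Walk the log once and collect flagged Run-key values and services, in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            f = assess("run", m["name"], m["cmd"], m["info"])
        else:
            m = SVC_RE.match(line)
            f = assess("service", m["name"], m["cmd"], m["info"]) if m else None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script flags the two `[X]` Run values (`updateMgr`, `trioService`), the `[?]` PremierOpinion service, and the McAfee cleanup service twice over (no file info, and its image under `c:\windows\TEMP`), while the dated, intact entries such as `Sidebar` and the `nmsgopro` driver produce nothing. Dangling entries are harmless by themselves but are exactly what a removal tool leaves behind; the point of the pass is to separate "stale leftover" from "live image in a writable path" before touching the registry.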

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:35 AM

Posted 01 December 2009 - 06:59 PM

Looks good to me! :(


We need to remove Combofix now that we're done with it.
  • Click START->RUN
  • Now type Combofix /uninstall in the runbox and click OK

==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 aquilusdomini

aquilusdomini
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Location:Jackson, MI
  • Local time:02:35 AM

Posted 01 December 2009 - 07:48 PM

awesome :(
thanks a bunch :(
"The dead don't say 'no'."-unknown

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:35 AM

Posted 02 December 2009 - 08:47 AM

I'm glad I could help you out! :(

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.


========================================================
