
Search engine redirect issue


  • This topic is locked
65 replies to this topic

#1 bwood05

  • Members
  • 31 posts

Posted 26 February 2010 - 08:01 PM

When I search for things and then click on any of the results it directs me to advertisements.
I ran a system file check and virus scans using SuperAntiSpyware, Malwarebytes, McAfee, and Microsoft Security Essentials, none of which have solved the issue.
As per the Preparation Guide, here is my DDS log and the other attached logs.

Thank you in advance for any help you can provide me.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Brandon at 18:47:27.30 on Fri 02/26/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2334 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Brandon\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\brandon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SansaDispatch] c:\users\brandon\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\brandon\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266454170630
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\snil93bf.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/
FF - component: c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\snil93bf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\brandon\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\brandon\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\brandon\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-3-9 14464]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-6 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-6 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-6 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-6 144704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-6 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-6 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-6 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-6 40552]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1c9bfa5221a2ba;Google Update Service (gupdate1c9bfa5221a2ba);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-6 34248]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2009-12-9 46592]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-1-3 27136]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-10-7 209408]

=============== Created Last 30 ================

2010-02-26 04:22:08 0 d-----w- c:\program files\ESET
2010-02-26 04:08:04 0 d-----w- C:\$RECYCLE.BIN
2010-02-26 03:56:26 77312 ----a-w- c:\windows\MBR.exe
2010-02-26 03:56:24 261632 ----a-w- c:\windows\PEV.exe
2010-02-26 03:56:24 161792 ----a-w- c:\windows\SWREG.exe
2010-02-26 03:56:23 98816 ----a-w- c:\windows\sed.exe
2010-02-26 02:18:30 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-26 02:18:20 0 d-----w- c:\users\brandon\appdata\roaming\SUPERAntiSpyware.com
2010-02-26 02:18:20 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 02:05:31 0 d-----w- c:\users\brandon\appdata\roaming\Malwarebytes
2010-02-26 02:05:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 02:05:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 02:05:23 0 d-----w- c:\programdata\Malwarebytes
2010-02-26 02:05:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 04:50:17 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:50:16 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:50:14 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:50:13 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:50:13 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:50:12 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:50:12 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:50:12 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:50:12 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 04:50:05 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 04:50:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 04:50:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 04:28:24 0 d-----w- c:\windows\system32\Adobe
2010-02-24 03:56:38 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 22:51:40 74752 ----a-w- c:\windows\system32\bdfb.sys
2010-02-15 19:58:37 0 d-----w- c:\program files\MSECACHE
2010-02-13 22:35:25 0 d-----w- c:\program files\iPod
2010-02-13 22:09:07 0 d-----w- c:\users\brandon\appdata\roaming\SanDisk
2010-02-10 06:07:27 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 06:07:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 06:07:22 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 06:07:22 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 06:07:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 06:07:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 06:06:53 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 06:06:53 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 06:06:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 06:06:53 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 06:06:52 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 06:06:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 06:06:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 06:06:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 06:06:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 06:06:50 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 06:06:50 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-04 02:09:13 48235 ----a-w- c:\users\brandon\17132_945414824039_8839751_51800115_6413580_n.jpg

==================== Find3M ====================

2010-02-27 00:42:49 89885 ----a-w- c:\programdata\nvModes.dat
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-28 22:41:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-28 22:41:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-28 22:41:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-16 02:45:13 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-07 00:01:43 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 00:01:43 22328 ----a-w- c:\users\brandon\appdata\roaming\PnkBstrK.sys
2010-01-07 00:01:33 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 00:01:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 00:01:17 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 23:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-30 23:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 23:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-11 19:05:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-07 04:57:00 74 --sh--r- c:\windows\CT4CET.bin
2009-10-22 01:17:11 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 11:18:34 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-07 07:26:17 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:48:32.73 ===============
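
A worked example of how a helper might triage the DDS log above with written-down rules instead of by eye. This is an added example, not a tool used or posted in this thread. It parses the two DDS sections that carry timestamps (SERVICES / DRIVERS and Created Last 30) and flags entries that combine a random-looking file name with a creation time in the week before the log was run, then separates files that arrived alone from files that arrived as part of a batch (a Windows update or an installer writes many files in the same minute; a dropper usually writes one). The 7-day window, the 2-minute batch window, the name heuristic and the function names are assumptions of the example; the sample lines are copied from the log above.

```python
"""Triage heuristics for DDS-style log lines.

Added example for this thread (not a tool the posters used): parses the
"SERVICES / DRIVERS" and "Created Last 30" sections of a DDS log and ranks
entries by combining three weak signals: a random-looking file name, creation
within the last 7 days, and whether the file was written alone or in a batch.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Log timestamp, from the DDS header above ("... at 18:47:27.30 on Fri 02/26/2010").
LOG_TIME = datetime(2010, 2, 26, 18, 47, 27)
RECENT = timedelta(days=7)           # assumption: "recent" = created within a week of the log
BATCH_WINDOW = timedelta(minutes=2)  # assumption: files written within 2 min form one batch

# R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-3-9 14464]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
# 2010-02-22 22:51:40 74752 ----a-w- c:\windows\system32\bdfb.sys
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\d+)"
    r"\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class Entry:
    path: str
    created: datetime
    size: int
    service: Optional[str] = None  # service/driver name when the line came from that section


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a services/drivers or created-files line, None for anything else."""
    m = SERVICE_RE.match(line)
    if m:
        # DDS gives only a date for drivers; DDS does not zero-pad it, strptime accepts that.
        return Entry(m["path"], datetime.strptime(m["date"], "%Y-%m-%d"), int(m["size"]), m["name"])
    m = CREATED_RE.match(line)
    if m:
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        return Entry(m["path"], when, int(m["size"]))
    return None


VOWELS = set("aeiouy")
HEX_LETTERS = set("abcdef")


def looks_random(stem: str) -> bool:
    """Name heuristic: a letters-only stem of 4+ characters that is either drawn
    entirely from a-f (hex-letter pattern) or contains no vowel at all.  It is a
    weak signal: vendor abbreviations such as 'psqlpwd' or 'msdrm' also match,
    which is why triage() never acts on it alone."""
    s = stem.lower()
    if len(s) < 4 or not s.isalpha():
        return False
    letters = set(s)
    return letters <= HEX_LETTERS or not (letters & VOWELS)


def triage(lines: List[str], now: datetime = LOG_TIME) -> Dict[str, str]:
    """Map path -> 'high' or 'review' for entries worth a second look.

    high   : random-looking name, created within RECENT, written on its own
    review : random-looking name, created within RECENT, but part of a batch
    Everything else is omitted; the result is a worklist, not a verdict."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    findings: Dict[str, str] = {}
    for e in entries:
        if not looks_random(PureWindowsPath(e.path).stem):
            continue
        if now - e.created > RECENT:
            continue
        batch = sum(1 for o in entries if abs(o.created - e.created) <= BATCH_WINDOW)
        findings[e.path] = "high" if batch == 1 else "review"
    return findings


# Constructed sample: lines copied from the DDS log posted above.
SAMPLE = r"""
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-3-9 14464]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-6 214664]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-6 40552]
2010-02-26 02:05:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 04:50:12 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:50:12 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:50:12 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:50:12 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-22 22:51:40 74752 ----a-w- c:\windows\system32\bdfb.sys
2010-02-10 06:07:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
""".strip().splitlines()

if __name__ == "__main__":
    for path, level in triage(SAMPLE).items():
        print(f"{level:6} {path}")
```

Run against those lines it reports c:\windows\system32\bdfb.sys as high (created on 2010-02-22 with nothing else in the same minute, four days before the log, and a name built only from the letters a-f) and c:\windows\system32\msdrm.dll as review: the name rule fires on it too, but it landed at 04:50:12 on 2010-02-24 together with RMActivate.exe and the secproc DLLs, which is the footprint of an update batch rather than a dropper. That false positive is the point of showing the batch signal: a name heuristic with no publisher-signature or hash check produces a worklist, not a verdict, and a helper would still want the file itself (or a scan of it) before calling bdfb.sys bad.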


#2 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 01 March 2010 - 08:10 PM


Hello bwood05, and welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped, so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days, if a topic is not replied to we assume it has been abandoned and it is closed.

Your log shows that you have installed ComboFix on your computer. I need to know if you have run it, and if you have I will need to see the log it produced. You can find the log at C:\ComboFix.txt

Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#3 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 01 March 2010 - 08:21 PM

Here is the log.

Thanks.

ComboFix 10-02-25.02 - Brandon 02/25/2010 21:57:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2631 [GMT -6:00]
Running from: c:\users\Brandon\Desktop\thcbytes.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2745842856-3432965393-2215270900-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
c:\users\Brandon\AppData\Roaming\install.dat
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
c:\windows\ebefbccdebcaebe.exe
c:\windows\system32\ebefbccdebcaebe.dll
c:\windows\system32\oem7.inf
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ebefbccdebcaebe
-------\Service_STacSV


((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2010-02-26 02:05 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 02:05 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 04:50 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:50 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:50 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:50 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:50 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:50 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:50 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 04:50 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:50 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:50 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 04:50 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 04:50 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 04:28 . 2010-02-24 04:28 -------- d-----w- c:\windows\system32\Adobe
2010-02-24 03:56 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 22:51 . 2010-02-22 22:51 74752 ----a-w- c:\windows\system32\bdfb.sys
2010-02-15 19:58 . 2010-02-15 20:00 -------- d-----w- c:\program files\MSECACHE
2010-02-13 22:35 . 2010-02-13 22:35 -------- d-----w- c:\program files\iPod
2010-02-13 22:31 . 2010-02-13 22:32 -------- d-----w- c:\program files\QuickTime
2010-02-13 22:09 . 2010-02-13 22:09 -------- d-----w- c:\users\Brandon\AppData\Roaming\SanDisk
2010-02-10 06:07 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 06:07 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 06:07 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 06:07 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 06:07 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 06:07 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 06:06 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 06:06 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 06:06 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 06:06 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 06:06 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 06:06 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 06:06 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 06:06 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 06:06 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 06:06 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 06:06 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-27 22:55 . 2010-01-27 22:55 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 04:07 . 2008-10-13 21:08 89885 ----a-w- c:\programdata\nvModes.dat
2010-02-26 04:06 . 2010-01-04 01:24 0 ----a-w- c:\windows\system32\Access.dat
2010-02-26 04:06 . 2008-10-06 23:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-26 02:19 . 2010-02-26 02:19 52224 ----a-w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 02:18 . 2010-02-26 02:18 117760 ----a-w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 02:17 . 2009-03-16 00:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-26 01:29 . 2008-10-13 21:37 -------- d-----w- c:\users\Brandon\AppData\Roaming\.purple
2010-02-26 00:06 . 2010-02-26 00:06 1691 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-02-26 00:06 . 2010-02-26 00:06 1065 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\talk.google.com
2010-02-24 15:16 . 2009-10-04 05:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 04:58 . 2008-10-13 04:28 100816 ----a-w- c:\users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 04:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 00:01 . 2008-10-07 05:08 -------- d-----w- c:\program files\McAfee
2010-02-23 20:44 . 2008-12-13 16:22 -------- d-----w- c:\program files\Steam
2010-02-21 02:56 . 2008-12-13 16:22 -------- d-----w- c:\program files\Common Files\Steam
2010-02-20 03:11 . 2008-10-13 21:32 -------- d-----w- c:\program files\Pidgin
2010-02-18 00:44 . 2009-03-23 19:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-18 00:44 . 2010-02-18 00:44 38784 ----a-w- c:\users\Brandon\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-18 00:44 . 2010-02-18 00:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-18 00:09 . 2009-02-05 22:47 -------- d-----w- c:\users\Brandon\AppData\Roaming\DataCast
2010-02-18 00:09 . 2008-10-07 04:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 20:58 . 2008-11-01 18:22 -------- d-----w- c:\users\Brandon\AppData\Roaming\uTorrent
2010-02-13 22:36 . 2009-06-09 00:37 -------- d-----w- c:\program files\iTunes
2010-02-13 22:35 . 2008-11-02 02:46 -------- d-----w- c:\program files\Common Files\Apple
2010-02-13 22:27 . 2010-02-13 22:27 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 22:09 . 2010-02-13 22:09 354744 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-02-13 22:09 . 2010-02-13 22:09 79872 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2010-02-13 22:09 . 2010-02-13 22:09 574344 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2010-02-10 21:37 . 2010-02-10 21:37 1505 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\slogin.oscar.aol.com
2010-02-10 19:02 . 2009-12-18 23:15 680 ----a-w- c:\users\Brandon\AppData\Local\d3d9caps.dat
2010-02-10 09:02 . 2008-10-15 23:49 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 00:16 . 2010-02-09 00:16 1791 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-02-06 06:18 . 2009-04-29 23:58 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-02-05 16:39 . 2010-02-05 16:39 251376 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-01-27 22:55 . 2008-10-07 04:50 -------- d-----w- c:\program files\Java
2010-01-22 02:36 . 2008-10-16 01:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 03:23 . 2010-01-16 02:49 -------- d-----w- c:\users\Brandon\AppData\Roaming\Hamachi
2010-01-19 00:33 . 2009-03-23 19:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 00:40 . 2008-11-08 19:57 -------- d-----w- c:\users\Brandon\AppData\Roaming\gtk-2.0
2010-01-16 02:48 . 2009-02-15 22:52 -------- d-----w- c:\users\Brandon\AppData\Roaming\Hamachibackup
2010-01-16 02:45 . 2010-01-16 02:45 -------- d-----w- c:\program files\Hamachi
2010-01-16 02:45 . 2010-01-16 02:45 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-16 02:39 . 2010-01-04 01:22 -------- d-----w- c:\users\Brandon\AppData\Roaming\Tunngle
2010-01-16 02:39 . 2010-01-04 01:22 -------- d-----w- c:\programdata\Tunngle
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\users\Brandon\AppData\Roaming\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\users\Brandon\AppData\Roaming\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 00:01 . 2009-12-27 03:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 00:01 . 2009-12-27 03:37 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-06 15:38 . 2010-02-24 04:50 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:50 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 04:50 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 04:50 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 19:50 . 2010-01-04 19:49 -------- d-----w- c:\users\Brandon\AppData\Roaming\Multi File Downloader
2010-01-04 19:49 . 2010-01-04 19:49 -------- d-----w- c:\programdata\boost_interprocess
2010-01-04 01:23 . 2010-01-04 01:22 -------- d-----w- c:\program files\Tunngle
2010-01-02 06:38 . 2010-01-21 23:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 23:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 23:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 14:22 . 2009-12-25 14:22 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 23:14 . 2008-12-11 00:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 23:48 . 2009-12-11 23:48 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-12-10 00:07 . 2009-12-09 23:49 46592 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2009-11-30 23:02 . 2009-11-30 23:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 23:02 . 2009-11-30 23:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2008-10-07 04:57 . 2008-10-07 04:57 74 --sh--r- c:\windows\CT4CET.bin
2008-10-07 07:26 . 2008-10-07 07:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SansaDispatch"="c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-13 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-07 05:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:37,c5,e0,65,1d,de,c9,01

R1 fanio;FanIO driver;c:\windows\System32\drivers\fanio.sys [3/9/2009 11:52 AM 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/6/2008 5:38 PM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 6:20 AM 12648]
S2 gupdate1c9bfa5221a2ba;Google Update Service (gupdate1c9bfa5221a2ba);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 3:39 PM 133104]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys [12/9/2009 5:49 PM 46592]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 5:48 PM 42480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\System32\drivers\tap0901t.sys [1/3/2010 7:22 PM 27136]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [10/7/2008 1:32 AM 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 21:39]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 21:39]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745842856-3432965393-2215270900-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-02 04:32]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745842856-3432965393-2215270900-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-02 04:32]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{595E3CA2-E38A-4B4B-91B3-2A47F680EDDB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\snil93bf.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/
FF - component: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\snil93bf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Brandon\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 22:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe??i?s?k?\?S?a?n?s?a? ?U?p?d?a?t?e?r?????T?}?`<??????T?}?l<??25253d5%x<??co

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spal.sys hal.dll >>UNKNOWN [0x8586F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8ba05d24
\Driver\ACPI -> acpi.sys @ 0x807bcd68
\Driver\atapi -> 0x858bb1f8
\Driver\iaStor -> iastor.sys @ 0x8276e6d0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2745842856-3432965393-2215270900-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,ed,7b,66,13,ff,b8,42,fb,8c,bb,9b,6d,b3,60,0c,72,b1,9f,09,43,
02,d3,82,66,4e,bf,7d,87,59,c2,bd,d7,f5,cb,75,45,b5,71,bd,28,0c,f6,cb,40,0a,\
"rkeysecu"=hex:ec,dc,f9,88,15,f3,39,79,71,91,8e,30,6d,78,7f,a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(4004)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Tunngle\TnglCtrl.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Secunia\PSI\psi.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-25 22:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 04:13

Pre-Run: 135,829,770,240 bytes free
Post-Run: 135,461,261,312 bytes free

- - End Of File - - 0015D966A203855C6AD6C4401A5334BD
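
Two things in the ComboFix output above deserve more than a glance: the Run-key entries whose executables live under \AppData\ (Google Update, SansaDispatch), and the GMER stealth-MBR section, where \Driver\atapi resolves to a bare address with no owning module and the called-modules chain ends in >>UNKNOWN [0x8586F938]<<. The Python script below is an added example, not part of the original post and not code from ComboFix, catchme or GMER; it re-implements those two eyeball checks over a constructed sample log shaped like the one above. The sample's "Updater" entry under \Temp\ and the escalate_to_rootkit_scan verdict are assumptions added for illustration, not findings from this machine.

```python
"""
Triage heuristics for ComboFix / GMER style output.

Added example, not part of the forum post or of ComboFix, catchme or GMER.
Two checks an analyst applies by hand when reading such a log:

  1. Autostart (Run-key) entries whose image lives in a user-writable
     directory such as %AppData% or %Temp%. Not proof of malware (the
     thread's log has legitimate updaters there) but where droppers land.
  2. GMER MBR/stealth-detector lines where a driver dispatch hook resolves
     to a bare address with no owning module, or where a called module is
     reported as >>UNKNOWN<<. A hook into unbacked kernel memory is the
     pattern behind the "possible MBR rootkit infection" warning.
"""
import re

# Constructed sample shaped like the thread's log. The "Updater" entry under
# \Temp\ is invented for illustration; the hook lines mirror the GMER output.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"SansaDispatch"="c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-13 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Updater"="c:\users\Brandon\AppData\Local\Temp\svchost.exe" [2010-02-20 45056]

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spal.sys hal.dll >>UNKNOWN [0x8586F938]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8ba05d24
\Driver\ACPI -> acpi.sys @ 0x807bcd68
\Driver\atapi -> 0x858bb1f8
\Driver\iaStor -> iastor.sys @ 0x8276e6d0
"""

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
HOOK_LINE = re.compile(r'^(?P<driver>\\Driver\\\S+) -> (?P<target>.+)$')
ATTRIBUTED = re.compile(r'^\S+ @ 0x[0-9a-fA-F]+$')          # "module.sys @ 0xADDR"
UNKNOWN_MODULE = re.compile(r'>>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<')

# Directory fragments an unprivileged user can write to (matched case-insensitively).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')


def find_user_writable_autostarts(log):
    """Return (name, path) for each Run-key entry whose image sits in a user-writable directory."""
    hits = []
    for line in log.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if not m:
            continue
        path = m.group('path')
        if any(frag in path.lower() for frag in USER_WRITABLE):
            hits.append((m.group('name'), path))
    return hits


def find_unattributed_hooks(log):
    """Return (driver, target) for GMER hook lines whose target is a bare address, not 'module @ addr'."""
    hits = []
    for line in log.splitlines():
        m = HOOK_LINE.match(line.strip())
        if m and not ATTRIBUTED.match(m.group('target')):
            hits.append((m.group('driver'), m.group('target')))
    return hits


def find_unknown_modules(log):
    """Return the addresses GMER flagged as >>UNKNOWN<< in the called-modules chain."""
    return UNKNOWN_MODULE.findall(log)


def triage(log):
    """Run all three checks and return the findings plus an overall verdict (assumed heuristic)."""
    result = {
        'user_writable_autostarts': find_user_writable_autostarts(log),
        'unattributed_hooks': find_unattributed_hooks(log),
        'unknown_modules': find_unknown_modules(log),
    }
    # Only the kernel-side findings justify escalating to a rootkit-specific tool;
    # user-writable autostarts alone are common on clean machines.
    result['escalate_to_rootkit_scan'] = bool(result['unattributed_hooks'] or result['unknown_modules'])
    return result


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run against the sample, the script lists the three AppData/Temp autostarts, reports \Driver\atapi as the one hook with no module behind it, picks up the UNKNOWN module address, and sets the escalate flag; on a log with attributed hooks and no UNKNOWN entries the flag stays False even if user-writable autostarts exist.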


#4 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 01 March 2010 - 09:27 PM

Are you still getting redirects?
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 01 March 2010 - 09:29 PM

Very much so.

#6 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 01 March 2010 - 10:29 PM

Well, we will have to see if we can figure out what is causing it.

Please download maxhandle.exe by noahdfear to your desktop
  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
  • If Max++ is present the log will open automatically.
  • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
  • Log is saved to c:\maxhandle.txt
Please post the results for my review



If there is no log move on to the following:


Please download SystemScan and save it to your desktop.
  • Be aware that the file name will be randomly generated (i.e. sys95769.exe) to deceive malware which may attempt to disable it.
  • If any installed security tools (anti-virus) detects the file as malware or suspicious while downloading or attempting to run, ignore the alert and allow the download.
  • Double-click on sys*****.exe to start the tool.
  • A read before proceeding disclaimer will appear.
  • Uncheck <- Unflag the checkbox to disable updates! next to the version number at the top.
  • After reading, check the box I have read and agree. Please let me...proceed!, then click the Proceed button.
  • When SystemScan opens, click the "Unselect all" button.
  • Important: Under "Make your choice and than click...", check the boxes next to:
    • PC accounts
  • Everything else should be unchecked.
  • Click "Scan Now".
  • Another warning box will appear. Please follow the instructions and click Ok.
  • Please be patient while the scan is in progress.
  • Systemscan will scan your computer and create a folder named suspectfile on the Desktop to save its report.
  • When the scan is complete, Notepad will automatically open a log file named report.txt with the results.
  • Copy and paste the contents of report.txt in your next reply.


#7 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 01 March 2010 - 10:51 PM

Nothing found on the Maxhandle.

The SystemScan log:

SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows VISTA , Service Pack 2 (6002.6.0)
System directory: C:\Windows
SystemScan file: C:\Users\Brandon\Desktop\sys76078.exe
Running in: User mode
Date: 3/1/2010
Time: 10:49:05 PM

Output limited to:
-PC accounts

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | 26dba
Yes | Administrator (Disabled)
Yes | Brandon
| Guest

### users folders

06/10/2008 23:56:46 (DIR) 0 byte 511 days old -- All Users

### startup files in users folders


==========================================
Scan completed in 0 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work



#8 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 01 March 2010 - 11:10 PM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Note: Sometimes people have trouble getting the log, so the biggest thing I need will be toward the bottom; if you can make note of any files which were found and deleted, it would be a good idea.

#9 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 01 March 2010 - 11:24 PM

I am going to bed for the night and will return tomorrow after work.
Thank you for the help.

For now, here is the log.

23:20:18:500 3716 TDSS rootkit removing tool 2.2.7 Feb 25 2010 10:44:44
23:20:18:501 3716 ================================================================================
23:20:18:501 3716 SystemInfo:

23:20:18:501 3716 OS Version: 6.0.6002 ServicePack: 2.0
23:20:18:501 3716 Product type: Workstation
23:20:18:501 3716 ComputerName: WOOD-B
23:20:18:501 3716 UserName: Brandon
23:20:18:501 3716 Windows directory: C:\Windows
23:20:18:501 3716 Processor architecture: Intel x86
23:20:18:501 3716 Number of processors: 2
23:20:18:501 3716 Page size: 0x1000
23:20:18:503 3716 Boot type: Normal boot
23:20:18:503 3716 ================================================================================
23:20:18:506 3716 UnloadDriverW: NtUnloadDriver error 2
23:20:18:506 3716 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:20:20:561 3716 Initialize success
23:20:20:561 3716
23:20:20:561 3716 Scanning Services ...
23:20:20:561 3716 wfopen_ex: Trying to open file C:\Windows\system32\config\system
23:20:20:594 3716 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:20:20:594 3716 wfopen_ex: Trying to KLMD file open
23:20:20:594 3716 wfopen_ex: File opened ok (Flags 2)
23:20:20:596 3716 wfopen_ex: Trying to open file C:\Windows\system32\config\software
23:20:20:597 3716 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:20:20:597 3716 wfopen_ex: Trying to KLMD file open
23:20:20:597 3716 wfopen_ex: File opened ok (Flags 2)
23:20:21:265 3716 GetAdvancedServicesInfo: Raw services enum returned 478 services
23:20:21:273 3716 fclose_ex: Trying to close file C:\Windows\system32\config\system
23:20:21:274 3716 fclose_ex: Trying to close file C:\Windows\system32\config\software
23:20:21:275 3716
23:20:21:275 3716 Scanning Kernel memory ...
23:20:21:275 3716 Devices to scan: 1
23:20:21:275 3716
23:20:21:275 3716 Driver Name: iaStor
23:20:21:275 3716 IRP_MJ_CREATE : 827736D0
23:20:21:275 3716 IRP_MJ_CREATE_NAMED_PIPE : 82044A22
23:20:21:275 3716 IRP_MJ_CLOSE : 827736D0
23:20:21:275 3716 IRP_MJ_READ : 82044A22
23:20:21:276 3716 IRP_MJ_WRITE : 82044A22
23:20:21:276 3716 IRP_MJ_QUERY_INFORMATION : 82044A22
23:20:21:276 3716 IRP_MJ_SET_INFORMATION : 82044A22
23:20:21:276 3716 IRP_MJ_QUERY_EA : 82044A22
23:20:21:276 3716 IRP_MJ_SET_EA : 82044A22
23:20:21:276 3716 IRP_MJ_FLUSH_BUFFERS : 82044A22
23:20:21:276 3716 IRP_MJ_QUERY_VOLUME_INFORMATION : 82044A22
23:20:21:276 3716 IRP_MJ_SET_VOLUME_INFORMATION : 82044A22
23:20:21:276 3716 IRP_MJ_DIRECTORY_CONTROL : 82044A22
23:20:21:276 3716 IRP_MJ_FILE_SYSTEM_CONTROL : 82044A22
23:20:21:276 3716 IRP_MJ_DEVICE_CONTROL : 827736D0
23:20:21:276 3716 IRP_MJ_INTERNAL_DEVICE_CONTROL : 827736D0
23:20:21:276 3716 IRP_MJ_SHUTDOWN : 82044A22
23:20:21:276 3716 IRP_MJ_LOCK_CONTROL : 82044A22
23:20:21:276 3716 IRP_MJ_CLEANUP : 82044A22
23:20:21:276 3716 IRP_MJ_CREATE_MAILSLOT : 82044A22
23:20:21:276 3716 IRP_MJ_QUERY_SECURITY : 82044A22
23:20:21:276 3716 IRP_MJ_SET_SECURITY : 82044A22
23:20:21:276 3716 IRP_MJ_POWER : 827736D0
23:20:21:276 3716 IRP_MJ_SYSTEM_CONTROL : 827736D0
23:20:21:276 3716 IRP_MJ_DEVICE_CHANGE : 82044A22
23:20:21:276 3716 IRP_MJ_QUERY_QUOTA : 82044A22
23:20:21:276 3716 IRP_MJ_SET_QUOTA : 82044A22
23:20:21:278 3716 sion
23:20:21:296 3716 C:\Windows\system32\drivers\iastor.sys - Verdict: Clean
23:20:21:296 3716
23:20:21:296 3716 Completed
23:20:21:297 3716
23:20:21:297 3716 Results:
23:20:21:297 3716 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:297 3716 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:297 3716 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:298 3716
23:20:21:300 3716 KLMD(ARK) unloaded successfully

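The TDSSKiller log above is easier to read once its fixed line shapes are pulled apart: the tool version banner, the per-driver IRP dispatch table, each file verdict and the three result counters. The following Python parser is an added example (not part of the thread and not Kaspersky's code); it assumes only the line shapes visible in the posted log, and SAMPLE_LOG is a constructed subset of that log.

```python
"""Summarise a TDSSKiller text log of the kind posted above.

Added example: not part of the thread and not Kaspersky's code. It keys only
on the line shapes visible in the posted log (timestamp/pid prefix,
"Driver Name:", "IRP_MJ_x : addr", "... - Verdict: ..." and the three
"objects infected / cured / cured on reboot" result lines)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the posted log (a few lines only).
SAMPLE_LOG = """\
23:20:18:500 3716 TDSS rootkit removing tool 2.2.7 Feb 25 2010 10:44:44
23:20:18:501 3716 OS Version: 6.0.6002 ServicePack: 2.0
23:20:21:275 3716 Scanning Kernel memory ...
23:20:21:275 3716 Driver Name: iaStor
23:20:21:275 3716 IRP_MJ_CREATE : 827736D0
23:20:21:275 3716 IRP_MJ_READ : 82044A22
23:20:21:276 3716 IRP_MJ_DEVICE_CONTROL : 827736D0
23:20:21:296 3716 C:\\Windows\\system32\\drivers\\iastor.sys - Verdict: Clean
23:20:21:297 3716 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:297 3716 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:297 3716 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:20:21:300 3716 KLMD(ARK) unloaded successfully
"""

# Each line opens with "HH:MM:SS:mmm <pid>"; strip that before matching.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s?")
IRP = re.compile(r"^(?P<irp>IRP_MJ_\w+) : (?P<addr>[0-9A-Fa-f]{8})$")
VERDICT = re.compile(r"^(?P<path>.+?) - Verdict: (?P<verdict>\w+)$")
RESULT = re.compile(
    r"^(?P<kind>Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class TdssReport:
    version: str = ""
    verdicts: dict = field(default_factory=dict)   # file path -> verdict text
    results: dict = field(default_factory=dict)    # kind -> (infected, cured, cured on reboot)
    dispatch: dict = field(default_factory=dict)   # driver -> {IRP_MJ_x: handler address}
    unloaded: bool = False                         # KLMD driver unloaded cleanly at the end

    def is_clean(self) -> bool:
        """True when nothing was flagged: every verdict is Clean and all counts are zero."""
        no_hits = all(inf == 0 for inf, _, _ in self.results.values())
        return no_hits and all(v == "Clean" for v in self.verdicts.values())

    def dispatch_targets(self, driver: str) -> list:
        """Distinct handler addresses in one driver's IRP dispatch table.
        TDSSKiller prints the table so a reviewer can see where each major
        function points; the addresses are collected here, not judged."""
        return sorted(set(self.dispatch.get(driver, {}).values()))


def parse_tdsskiller(text: str) -> TdssReport:
    rep = TdssReport()
    driver = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:
            continue
        if line.startswith("TDSS rootkit removing tool "):
            rep.version = line.split()[4]           # "2.2.7" in the banner line
        elif line.startswith("Driver Name: "):
            driver = line[len("Driver Name: "):]
            rep.dispatch[driver] = {}
        elif (m := IRP.match(line)) and driver:
            rep.dispatch[driver][m["irp"]] = m["addr"].upper()
        elif m := VERDICT.match(line):
            rep.verdicts[m["path"]] = m["verdict"]
        elif m := RESULT.match(line):
            rep.results[m["kind"]] = (int(m["inf"]), int(m["cured"]), int(m["reboot"]))
        elif line.endswith("unloaded successfully"):
            rep.unloaded = True
    return rep


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print("TDSSKiller", report.version, "clean" if report.is_clean() else "FINDINGS")
    for path, verdict in report.verdicts.items():
        print(f"  {verdict:10} {path}")
    for kind, (inf, cured, reboot) in report.results.items():
        print(f"  {kind} objects: infected={inf} cured={cured} cured_on_reboot={reboot}")
```

Run it against the full posted log by passing the file contents to parse_tdsskiller(); is_clean() is only True when every verdict reads Clean and all three counters are zero, which is what the helper asks the poster to confirm.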

#10 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 02 March 2010 - 12:09 AM

Do you use a router?

#11 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 02 March 2010 - 07:16 PM

Yes, I use a router. The issue does not affect any of my other computers and connecting straight to the modem doesn't help either.

#12 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 02 March 2010 - 10:25 PM

Let's delete the version of ComboFix you have on your Desktop, then download a new one from the link below. Once you have done so, run it once more and post the log it produces. Disable Windows Defender along with your AntiVirus and AntiSpyware program.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.



#13 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 02 March 2010 - 11:01 PM

Here it is.
Once again I am headed to bed and will return tomorrow.

ComboFix 10-03-02.02 - Brandon 03/02/2010 22:44:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2624 [GMT -5:00]
Running from: c:\users\Brandon\Desktop\CmbFi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 03:52 . 2010-03-03 03:52 -------- d-----w- c:\users\Brandon\AppData\Local\temp
2010-03-03 03:52 . 2010-03-03 03:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-03 03:52 . 2010-03-03 03:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-03 03:52 . 2010-03-03 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 03:52 . 2010-03-03 03:52 -------- d-----w- c:\users\26dba\AppData\Local\temp
2010-03-03 00:41 . 2010-03-03 00:41 1691 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-03-03 00:41 . 2010-03-03 00:41 1065 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\talk.google.com
2010-03-02 03:46 . 2008-11-18 18:15 417136 ----a-w- c:\windows\handle.exe
2010-03-02 01:21 . 2010-03-02 01:21 -------- d-----w- c:\users\Brandon\AppData\Local\Apple
2010-02-27 04:00 . 2010-02-27 04:00 -------- d-----w- c:\users\Brandon\AppData\Roaming\Wireshark
2010-02-27 03:42 . 2010-02-27 03:42 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-02-27 03:09 . 2010-02-27 03:09 -------- d-----w- c:\program files\WinPcap
2010-02-27 03:09 . 2010-02-27 03:09 -------- d-----w- c:\program files\Wireshark
2010-02-26 04:22 . 2010-02-26 04:22 -------- d-----w- c:\program files\ESET
2010-02-26 02:19 . 2010-02-26 02:19 52224 ----a-w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 02:18 . 2010-02-26 02:18 117760 ----a-w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 02:18 . 2010-02-26 02:18 -------- d-----w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2010-02-26 02:05 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 02:05 . 2010-02-26 02:05 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 02:05 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 04:50 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:50 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:50 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:50 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:50 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:50 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:50 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 04:50 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:50 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:50 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 04:50 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 04:50 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 04:28 . 2010-02-24 04:28 -------- d-----w- c:\windows\system32\Adobe
2010-02-24 03:56 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 22:51 . 2010-02-22 22:51 74752 ----a-w- c:\windows\system32\bdfb.sys
2010-02-18 00:44 . 2010-02-18 00:44 38784 ----a-w- c:\users\Brandon\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-18 00:44 . 2010-02-18 00:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 19:58 . 2010-02-15 20:00 -------- d-----w- c:\program files\MSECACHE
2010-02-13 22:35 . 2010-02-13 22:35 -------- d-----w- c:\program files\iPod
2010-02-13 22:31 . 2010-02-13 22:32 -------- d-----w- c:\program files\QuickTime
2010-02-13 22:27 . 2010-02-13 22:27 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 22:09 . 2010-02-13 22:09 354744 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-02-13 22:09 . 2010-02-13 22:09 79872 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2010-02-13 22:09 . 2010-02-13 22:09 574344 ----a-w- c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2010-02-13 22:09 . 2010-02-13 22:09 -------- d-----w- c:\users\Brandon\AppData\Roaming\SanDisk
2010-02-10 21:37 . 2010-02-10 21:37 1505 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\slogin.oscar.aol.com
2010-02-10 06:07 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 06:07 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 06:07 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 06:07 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 06:07 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 06:07 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 06:06 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 06:06 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 06:06 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 06:06 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 06:06 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 06:06 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 06:06 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 06:06 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 06:06 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 06:06 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 06:06 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 00:16 . 2010-02-09 00:16 1791 ----a-w- c:\users\Brandon\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-02-05 16:39 . 2010-02-05 16:39 251376 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 03:42 . 2008-10-13 21:08 89885 ----a-w- c:\programdata\nvModes.dat
2010-03-03 03:41 . 2010-01-04 01:24 0 ----a-w- c:\windows\system32\Access.dat
2010-03-03 03:41 . 2008-10-06 23:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-03 03:40 . 2008-10-13 21:37 -------- d-----w- c:\users\Brandon\AppData\Roaming\.purple
2010-03-01 04:26 . 2008-12-13 16:22 -------- d-----w- c:\program files\Steam
2010-03-01 04:18 . 2008-12-13 16:22 -------- d-----w- c:\program files\Common Files\Steam
2010-02-26 23:37 . 2009-12-18 23:15 1356 ----a-w- c:\users\Brandon\AppData\Local\d3d9caps.dat
2010-02-26 02:17 . 2009-03-16 00:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-24 14:16 . 2009-10-04 05:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 04:58 . 2008-10-13 04:28 100816 ----a-w- c:\users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 04:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 00:01 . 2008-10-07 05:08 -------- d-----w- c:\program files\McAfee
2010-02-20 03:11 . 2008-10-13 21:32 -------- d-----w- c:\program files\Pidgin
2010-02-18 00:44 . 2009-03-23 19:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-18 00:09 . 2009-02-05 22:47 -------- d-----w- c:\users\Brandon\AppData\Roaming\DataCast
2010-02-18 00:09 . 2008-10-07 04:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 20:58 . 2008-11-01 18:22 -------- d-----w- c:\users\Brandon\AppData\Roaming\uTorrent
2010-02-13 22:36 . 2009-06-09 00:37 -------- d-----w- c:\program files\iTunes
2010-02-13 22:35 . 2008-11-02 02:46 -------- d-----w- c:\program files\Common Files\Apple
2010-02-10 09:02 . 2008-10-15 23:49 -------- d-----w- c:\programdata\Microsoft Help
2010-02-06 06:18 . 2009-04-29 23:58 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-01-27 22:55 . 2010-01-27 22:55 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 22:55 . 2008-10-07 04:50 -------- d-----w- c:\program files\Java
2010-01-22 02:36 . 2008-10-16 01:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 03:23 . 2010-01-16 02:49 -------- d-----w- c:\users\Brandon\AppData\Roaming\Hamachi
2010-01-19 00:33 . 2009-03-23 19:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 00:40 . 2008-11-08 19:57 -------- d-----w- c:\users\Brandon\AppData\Roaming\gtk-2.0
2010-01-16 02:48 . 2009-02-15 22:52 -------- d-----w- c:\users\Brandon\AppData\Roaming\Hamachibackup
2010-01-16 02:45 . 2010-01-16 02:45 -------- d-----w- c:\program files\Hamachi
2010-01-16 02:45 . 2010-01-16 02:45 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-16 02:39 . 2010-01-04 01:22 -------- d-----w- c:\users\Brandon\AppData\Roaming\Tunngle
2010-01-16 02:39 . 2010-01-04 01:22 -------- d-----w- c:\programdata\Tunngle
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\users\Brandon\AppData\Roaming\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 22328 ----a-w- c:\users\Brandon\AppData\Roaming\PnkBstrK.sys
2010-01-07 00:01 . 2009-12-27 03:37 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 00:01 . 2009-12-27 03:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 00:01 . 2009-12-27 03:37 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-06 15:38 . 2010-02-24 04:50 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:50 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 04:50 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 04:50 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 19:50 . 2010-01-04 19:49 -------- d-----w- c:\users\Brandon\AppData\Roaming\Multi File Downloader
2010-01-04 19:49 . 2010-01-04 19:49 -------- d-----w- c:\programdata\boost_interprocess
2010-01-04 01:23 . 2010-01-04 01:22 -------- d-----w- c:\program files\Tunngle
2010-01-02 06:38 . 2010-01-21 23:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 23:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 23:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 14:22 . 2009-12-25 14:22 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 23:14 . 2008-12-11 00:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 23:48 . 2009-12-11 23:48 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-12-10 00:07 . 2009-12-09 23:49 46592 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2008-10-07 04:57 . 2008-10-07 04:57 74 --sh--r- c:\windows\CT4CET.bin
2008-10-07 07:26 . 2008-10-07 07:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SansaDispatch"="c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-13 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-07 05:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(8):37,c5,e0,65,1d,de,c9,01

R1 fanio;FanIO driver;c:\windows\System32\drivers\fanio.sys [3/9/2009 12:52 PM 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/6/2008 6:38 PM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 1:05 PM 155648]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [1/3/2010 8:22 PM 682232]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/12/2009 3:42 PM 717296]
S2 gupdate1c9bfa5221a2ba;Google Update Service (gupdate1c9bfa5221a2ba);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 4:39 PM 133104]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys [12/9/2009 6:49 PM 46592]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\System32\drivers\tap0901t.sys [1/3/2010 8:22 PM 27136]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [10/7/2008 2:32 AM 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 21:39]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 21:39]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745842856-3432965393-2215270900-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-02 04:32]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745842856-3432965393-2215270900-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-02 04:32]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{595E3CA2-E38A-4B4B-91B3-2A47F680EDDB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\snil93bf.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/
FF - component: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\snil93bf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Brandon\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 22:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe??i?s?k?\?S?a?n?s?a? ?U?p?d?a?t?e?r?????T?}?`<??????T?}?l<??25253d5%x<??co

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2745842856-3432965393-2215270900-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,ed,7b,66,13,ff,b8,42,fb,8c,bb,9b,6d,b3,60,0c,72,b1,9f,09,43,
02,d3,82,66,4e,bf,7d,87,59,c2,bd,d7,f5,cb,75,45,b5,71,bd,28,0c,f6,cb,40,0a,\
"rkeysecu"=hex:ec,dc,f9,88,15,f3,39,79,71,91,8e,30,6d,78,7f,a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2010-03-02 22:54:31
ComboFix-quarantined-files.txt 2010-03-03 03:54

Pre-Run: 133,792,989,184 bytes free
Post-Run: 133,754,601,472 bytes free

- - End Of File - - E216F1474A4D5BCA14865C802578365E

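The "Reg Loading Points" part of the ComboFix log above is where a search redirector that loads per user would show itself, so that section is the one to read first. The following Python script is an added example (not ComboFix's code and not part of the thread): it parses the Run-key values, Startup-folder .lnk lines and R/S service lines in the format shown above and lists the entries whose image path sits under a user profile. That "under c:\users" rule is the example's own triage heuristic, not a ComboFix feature; both hits in the constructed sample are legitimate updaters, which is exactly why such entries are read rather than deleted.

```python
"""Triage the autorun entries in a ComboFix log.

Added example: not ComboFix's code and not part of the thread. It reads the
line shapes in the posted 'Reg Loading Points' section (Run-key values,
Startup-folder .lnk lines and the R/S service lines) and lists the entries
whose image lives under a user profile. The 'under c:\\users' rule is this
example's own assumption, a place to start reading, not a verdict."""
import re
from dataclasses import dataclass

# Constructed excerpt in the posted log's format.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"SansaDispatch"="c:\users\Brandon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-13 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S2 gupdate1c9bfa5221a2ba;Google Update Service (gupdate1c9bfa5221a2ba);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 4:39 PM 133104]
"""

KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SHORTCUT = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
SERVICE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)
USER_PROFILE = re.compile(r"^c:\\users\\", re.IGNORECASE)   # heuristic, see docstring


@dataclass(frozen=True)
class Autorun:
    source: str   # registry key, Startup folder path, or "service <state>"
    name: str
    path: str     # the image the entry launches (for .lnk lines: the target)
    meta: str     # date/size text ComboFix prints in brackets


def parse_autoruns(text: str) -> list:
    entries, container = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY.match(line):
            container = m["key"]                       # Run key; its values follow
        elif line.lower().endswith("startup\\"):
            container = line                           # Startup folder; its .lnk lines follow
        elif m := RUN_VALUE.match(line):
            entries.append(Autorun(container, m["name"], m["path"], m["meta"]))
        elif m := SHORTCUT.match(line):
            entries.append(Autorun(container, m["name"], m["path"], m["meta"]))
        elif m := SERVICE.match(line):
            entries.append(Autorun("service " + m["state"], m["name"], m["path"], m["meta"]))
    return entries


def user_profile_entries(entries) -> list:
    """Entries whose image path lies under a user profile (this example's heuristic)."""
    return [e for e in entries if USER_PROFILE.match(e.path)]


def triage(text: str) -> dict:
    entries = parse_autoruns(text)
    return {
        "total": len(entries),
        "review_first": [(e.source, e.name, e.path) for e in user_profile_entries(entries)],
    }


if __name__ == "__main__":
    for source, name, path in triage(SAMPLE)["review_first"]:
        print(f"{source}\n  {name} -> {path}")
```

Feed the whole ComboFix log to triage() and read the review_first list alongside the scan results; an entry is only interesting if its name, path and the bracketed date/size do not fit a program you know you installed.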

#14 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 02 March 2010 - 11:16 PM

Did you disable your AV and Windows Defender? You may have, and it's still showing up as active, but I need to check, since these things can interfere with the running of CF at times.

QUOTE
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


#15 bwood05
  • Topic Starter
  • Members
  • 31 posts

Posted 03 March 2010 - 07:14 PM

Yes, I disabled them. I checked before and after running ComboFix that they were not running.
