Google Redirect...Alureon?


This topic is locked
14 replies to this topic

#1 roofer


Posted 08 July 2010 - 08:26 PM

When clicking on a link in Google search results, I am usually redirected to various different sites. I also intermittently will have a new browser window open to a random site. I downloaded Hitman Pro based on a recommendation and its scan mentioned Alureon, which it could not correct. I have also run Malwarebytes with no luck. Please help! I tried running the GMER scan...but Windows keeps shutting down. Following is the other information requested.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Greg at 19:51:02.85 on 07/08/10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.164 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MI1933~1\Office14\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Greg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
BHO: AskBar BHO: {5a074b21-f830-49de-a31b-5bb9d7f6b407} - c:\program files\askbar\bar\bin\askBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {5a074b29-f830-49de-a31b-5bb9d7f6b407} - c:\program files\askbar\bar\bin\askBar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [<NO NAME>]
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/ja/downloads/getmodule.aspx?lang=ja
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186157683218
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} - hxxps://www-den.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer2.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://128.177.29.248/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-2-24 173328]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2007-8-3 18864]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [2007-11-8 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2007-11-8 10880]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-10-7 42112]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-12-25 18432]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-07-08 23:48:07 0 ----a-w- c:\documents and settings\greg\defogger_reenable
2010-07-08 17:25:54 248 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-08 17:18:53 1826 ----a-w- c:\windows\system32\.crusader
2010-07-08 17:03:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-08 17:03:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-08 17:03:15 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-07 17:03:00 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-07 16:59:52 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-07-07 16:54:05 0 d-----w- c:\program files\VstPlugins
2010-07-07 16:53:56 0 d-----w- c:\program files\Image-Line
2010-07-07 16:53:45 0 d-----w- c:\program files\Outsim
2010-07-07 16:00:28 120 ----a-w- c:\windows\Xlefeyifegizuta.dat
2010-07-07 16:00:28 0 ----a-w- c:\windows\Szicezezuquja.bin
2010-07-07 01:06:01 989696 ----a-w- c:\windows\system32\kabaker.dll
2010-07-06 03:25:22 401728 ----a-w- C:\setup.exe
2010-07-01 03:09:45 719872 ----a-w- c:\windows\system32\devil.dll
2010-07-01 03:09:45 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-07-01 03:09:45 0 d-----w- c:\program files\common files\Common Share
2010-07-01 03:09:44 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-11 20:26:01 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-19 23:02:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 23:09:23 72192 ---ha-w- c:\windows\system32\mlfcache.dat
2009-04-04 17:51:35 336 ----a-w- c:\program files\temp995.bat
2007-08-03 07:44:52 56 --sh--r- c:\windows\system32\749D152A8A.sys
2007-08-17 13:43:19 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-20 04:28:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat
2009-09-16 19:02:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-16 19:02:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-16 19:02:01 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:53:02.14 ===============


#2 roofer


Posted 08 July 2010 - 08:43 PM

Since I was unable to run GMER, I ran RootKitUnhooker based on a response from another thread. Here are the results:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF7AF8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AE2000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7AE0000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7AE4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B34000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AEE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A94000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C73000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BC3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B5A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7BD2000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7BCE000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
!!!!!!!!!!!Hidden driver: 0x86015AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x861BA1E8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF73CC000 WARNING: suspicious driver modification [atapi.sys::0x86015AEA]
0xEC065000 WARNING: Virus alike driver modification [afd.sys], 139264 bytes
0x055F0000 Hidden Image-->DevComponents.DotNetBar.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 2363392 bytes
0x04320000 Hidden Image-->System.Data.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 2961408 bytes
0x05110000 Hidden Image-->Interop.eWebControl.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 36864 bytes
0x05BA0000 Hidden Image-->Interop.ProfMan.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 36864 bytes
0x05300000 Hidden Image-->Interop.Outlook.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 405504 bytes
0x00DD0000 Hidden Image-->CFScan.dll [ EPROCESS 0x84FB3DA0 ] PID: 2216, 45056 bytes
0x05380000 Hidden Image-->Microsoft.Windows.Forms.Navigation.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 53248 bytes
0x04CA0000 Hidden Image-->SQLite.NET.dll [ EPROCESS 0x84B78BC0 ] PID: 132, 86016 bytes


#3 piano9playa5

piano9playa5

    Malware Removal Ninja


  • Members
  • 40 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:24 PM

Posted 08 July 2010 - 09:34 PM

Hello! :wave: Welcome to BleepingComputer! I'm piano9playa5 and will be assisting you with your malware problems. Please be patient, as I must prepare my instructions and have them approved by a moderator. If you have any questions, ask away!

Edited by piano9playa5, 08 July 2010 - 09:34 PM.

I'll be away August 16-21!



#4 piano9playa5

piano9playa5

    Malware Removal Ninja


  • Members
  • 40 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:24 PM

Posted 09 July 2010 - 09:08 AM

Hi there,

Step № One
I see that you have a program called BitComet installed, which is a Peer2Peer program. P2P programs are an easy way to pick up some of the latest infections. As well, although the program itself may be legal, most files obtained in this method are not. I strongly recommend BitComet's removal. Ask me if you need help with its removal, or just have questions about my recommendations.


Step № Two
There are a few programs that we need to uninstall. A few of these are "Optional Removals" meaning that you may remove them if you wish, but it's not required. In the removal instructions below, they will be listed in green. Here's a brief description of each:
Ask Toolbar & Viewpoint Media Player - These two aren't bad programs. However, they come bundled with other programs, and you may not have been aware that they had been installed.
RegCure - Registry Cleaners are not recommended as the registry is a delicate piece of Windows. Deleting the wrong key can make a computer unable to login, or worse. As well, there is no evidence that supports a clear performance increase.
  1. Please go to Start > Control Panel
  2. Double-Click on Add\Remove Programs
  3. Allow it to populate the list
  4. Find the following program name:
    MyWay Search Assistant
  5. Click on it to highlight, then click the Remove button that appears.
  6. When asked if you are sure you wish to remove it, click Yes or Ok
  7. It will notify you when it has finished removing; Click Ok
  8. Repeat steps 4-8 for the following (Optional Removals):
    AskToolbar for Internet Explorer
    RegCure
    Viewpoint Media Player
Let me know which of the Optional Removals you uninstalled if any, or if any of the programs were not listed.

Step № Three
Download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
Step № Four
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Logs&Info
Remember to post back the following logs:
  1. Which programs you uninstalled
  2. TDSSKiller report saved to C:
  3. ComboFix.txt report saved to C:
  4. Questions, comments or concerns you have




#5 roofer

roofer
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:24 AM

Posted 09 July 2010 - 10:54 AM

Thank you for your quick response! Following is the information per your request:

Step No. One:
BitComet - not listed in my Add/Remove menu so I was unable to do anything with it.

Step No. Two:
MyWay Search Assistant - Removed
AskToolbar for Internet Explorer - Removed
RegCure - Removed
Viewpoint Media Player - When I attempted to remove, I got a message stating components were not found and I was given an option to remove from list...which I did.

Step No. Three:
TDSSKiller results:

10:49:50:859 5668 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
10:49:50:859 5668 ================================================================================
10:49:50:859 5668 SystemInfo:

10:49:50:859 5668 OS Version: 5.1.2600 ServicePack: 3.0
10:49:50:859 5668 Product type: Workstation
10:49:50:859 5668 ComputerName: FAMILYROOM
10:49:50:859 5668 UserName: Greg
10:49:50:859 5668 Windows directory: C:\WINDOWS
10:49:50:859 5668 System windows directory: C:\WINDOWS
10:49:50:859 5668 Processor architecture: Intel x86
10:49:50:859 5668 Number of processors: 2
10:49:50:859 5668 Page size: 0x1000
10:49:50:859 5668 Boot type: Normal boot
10:49:50:859 5668 ================================================================================
10:49:51:375 5668 Initialize success
10:49:51:375 5668
10:49:51:375 5668 Scanning Services ...
10:49:52:093 5668 Raw services enum returned 419 services
10:49:52:109 5668
10:49:52:109 5668 Scanning Drivers ...
10:49:55:484 5668 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:49:55:578 5668 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:49:55:640 5668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:49:55:703 5668 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:49:55:812 5668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:49:55:843 5668 AFD (1d93dc9b93c4defb8c01b4bc905867f8) C:\WINDOWS\System32\drivers\afd.sys
10:49:55:859 5668 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 1d93dc9b93c4defb8c01b4bc905867f8, Fake md5: 7e775010ef291da96ad17ca4b17137d7
10:49:55:859 5668 File "C:\WINDOWS\System32\drivers\afd.sys" infected by TDSS rootkit ...
10:49:56:406 5668 Backup copy found, using it..
10:49:56:421 5668 will be cured on next reboot
10:49:56:656 5668 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:49:56:671 5668 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:49:56:718 5668 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:49:56:765 5668 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:49:56:812 5668 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:49:56:953 5668 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:49:57:062 5668 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:49:57:093 5668 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:49:57:140 5668 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:49:57:187 5668 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:49:57:234 5668 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:49:57:281 5668 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:49:57:375 5668 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
10:49:57:468 5668 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
10:49:57:546 5668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:49:57:578 5668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:49:57:687 5668 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:49:57:765 5668 ATIAVPCI (a42fa313df3937f9edf028ea0e153dce) C:\WINDOWS\system32\DRIVERS\atinavxx.sys
10:49:57:828 5668 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:49:57:859 5668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:49:57:984 5668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:49:58:234 5668 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:49:58:265 5668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:49:58:296 5668 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:49:58:343 5668 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:49:58:375 5668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:49:58:406 5668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:49:58:453 5668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:49:58:531 5668 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys
10:49:58:609 5668 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:49:58:656 5668 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:49:58:750 5668 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
10:49:58:796 5668 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
10:49:58:843 5668 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:49:59:000 5668 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:49:59:375 5668 DfuUsb (0819d9af77d51b1c397d1097aa5bfddc) C:\WINDOWS\system32\DRIVERS\DFUUsb.sys
10:49:59:578 5668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:49:59:890 5668 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:50:00:156 5668 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:50:00:203 5668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:50:00:296 5668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:50:00:375 5668 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
10:50:00:421 5668 Dot4Print HPH09 (d559e03b3168bc00011dd2b6f443ac71) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
10:50:00:453 5668 Dot4Storage HPH09 (7e90e0199786c4bda3cf675b93544939) C:\WINDOWS\system32\Drivers\hphs2k09.sys
10:50:00:500 5668 Dot4Usb HPH09 (afcaa5b28bd1a3f9645e7ebee217c365) C:\WINDOWS\system32\drivers\hphius09.sys
10:50:00:671 5668 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:50:00:765 5668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:50:00:828 5668 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:50:00:968 5668 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
10:50:01:187 5668 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:50:01:234 5668 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
10:50:01:281 5668 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:50:01:343 5668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:50:01:390 5668 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:50:01:437 5668 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:50:01:468 5668 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:50:01:562 5668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:50:01:609 5668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:50:01:656 5668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:50:01:703 5668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:50:01:828 5668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:50:01:921 5668 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
10:50:02:078 5668 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:50:02:250 5668 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
10:50:02:281 5668 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:50:02:328 5668 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:50:02:375 5668 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:50:02:453 5668 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:50:02:625 5668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:50:02:687 5668 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:50:02:718 5668 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:50:02:765 5668 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:50:02:812 5668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:50:02:843 5668 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:50:02:937 5668 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:50:03:078 5668 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:50:03:140 5668 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:50:03:187 5668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:50:03:234 5668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:50:03:281 5668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:50:03:312 5668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:50:03:406 5668 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
10:50:03:453 5668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:50:03:546 5668 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
10:50:03:593 5668 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:50:03:625 5668 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:50:03:656 5668 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:50:03:734 5668 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
10:50:03:796 5668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:50:03:859 5668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:50:04:046 5668 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:50:04:093 5668 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
10:50:04:125 5668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:50:04:218 5668 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:50:04:250 5668 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:50:04:328 5668 MotDev (20ff89c59b0a50f53822303064988e00) C:\WINDOWS\system32\DRIVERS\motodrv.sys
10:50:04:421 5668 motmodem (49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys
10:50:04:484 5668 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:50:04:531 5668 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:50:04:593 5668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:50:04:703 5668 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
10:50:04:750 5668 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:50:04:796 5668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:50:05:062 5668 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:50:05:906 5668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:50:06:265 5668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:50:06:406 5668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:50:06:875 5668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:50:07:468 5668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:50:07:984 5668 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:50:08:390 5668 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:50:08:437 5668 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:50:08:468 5668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:50:08:531 5668 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:50:08:562 5668 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:50:08:609 5668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:50:08:656 5668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:50:08:687 5668 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:50:08:734 5668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:50:08:765 5668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:50:08:812 5668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:50:08:859 5668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:09:109 5668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:50:09:265 5668 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:50:09:359 5668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:09:406 5668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:09:500 5668 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
10:50:09:562 5668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:09:625 5668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:09:687 5668 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:09:750 5668 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:09:812 5668 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:50:09:890 5668 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:10:234 5668 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:50:10:265 5668 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:50:10:312 5668 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
10:50:10:359 5668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:10:390 5668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:10:421 5668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:10:500 5668 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:50:10:687 5668 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:50:10:734 5668 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:50:10:765 5668 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:50:10:812 5668 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:50:10:859 5668 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:50:11:062 5668 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
10:50:11:093 5668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:11:171 5668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:11:218 5668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:11:250 5668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:11:296 5668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:11:343 5668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:11:390 5668 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:50:11:437 5668 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:11:500 5668 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:11:593 5668 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
10:50:11:734 5668 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:11:781 5668 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:11:828 5668 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:11:859 5668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:50:12:093 5668 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
10:50:12:250 5668 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:50:12:296 5668 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:50:12:343 5668 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:50:12:437 5668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:50:12:468 5668 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:12:546 5668 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:12:718 5668 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:50:12:765 5668 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
10:50:12:812 5668 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
10:50:12:906 5668 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:50:13:078 5668 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:50:13:203 5668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:13:281 5668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:50:13:328 5668 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:50:13:359 5668 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:50:13:421 5668 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:50:13:468 5668 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:50:13:531 5668 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys
10:50:13:593 5668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:13:687 5668 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
10:50:13:718 5668 szkgfs (333175a9d6129315650ac743459dd176) C:\WINDOWS\system32\drivers\szkgfs.sys
10:50:13:828 5668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:14:000 5668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:50:14:187 5668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:50:16:812 5668 Reboot required for cure complete..
10:50:17:593 5668 Cure on reboot scheduled successfully
10:50:17:593 5668
10:50:17:593 5668 Completed
10:50:17:593 5668
10:50:17:593 5668 Results:
10:50:17:593 5668 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:50:17:593 5668 File objects infected / cured / cured on reboot: 1 / 0 / 1
10:50:17:593 5668
10:50:17:609 5668 KLMD(ARK) unloaded successfully

Step No. Four:
ComboFix results:

ComboFix 10-07-08.02 - Greg 07/09/10 11:16:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.627 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alec\Local Settings\Application Data\{B50EDA71-F0AE-4CE7-AF40-CF8CF9F0A966}
c:\documents and settings\Alec\Local Settings\Application Data\{B50EDA71-F0AE-4CE7-AF40-CF8CF9F0A966}\chrome.manifest
c:\documents and settings\Alec\Local Settings\Application Data\{B50EDA71-F0AE-4CE7-AF40-CF8CF9F0A966}\chrome\content\_cfg.js
c:\documents and settings\Alec\Local Settings\Application Data\{B50EDA71-F0AE-4CE7-AF40-CF8CF9F0A966}\chrome\content\overlay.xul
c:\documents and settings\Alec\Local Settings\Application Data\{B50EDA71-F0AE-4CE7-AF40-CF8CF9F0A966}\install.rdf
c:\documents and settings\Dylan\CohUpdater.new
c:\documents and settings\Dylan\CohUpdater.tmp
c:\documents and settings\Dylan\CohUpdater_UI_Win.dll
c:\documents and settings\Dylan\Local Settings\Application Data\{E1829C28-BBD8-4737-BA2D-AA6405337ED3}
c:\documents and settings\Dylan\Local Settings\Application Data\{E1829C28-BBD8-4737-BA2D-AA6405337ED3}\chrome.manifest
c:\documents and settings\Dylan\Local Settings\Application Data\{E1829C28-BBD8-4737-BA2D-AA6405337ED3}\chrome\content\_cfg.js
c:\documents and settings\Dylan\Local Settings\Application Data\{E1829C28-BBD8-4737-BA2D-AA6405337ED3}\chrome\content\overlay.xul
c:\documents and settings\Dylan\Local Settings\Application Data\{E1829C28-BBD8-4737-BA2D-AA6405337ED3}\install.rdf
c:\documents and settings\Greg\Local Settings\Application Data\{FD6E43CD-7F33-461F-88AC-08C9A094361F}
c:\documents and settings\Greg\Local Settings\Application Data\{FD6E43CD-7F33-461F-88AC-08C9A094361F}\chrome.manifest
c:\documents and settings\Greg\Local Settings\Application Data\{FD6E43CD-7F33-461F-88AC-08C9A094361F}\chrome\content\_cfg.js
c:\documents and settings\Greg\Local Settings\Application Data\{FD6E43CD-7F33-461F-88AC-08C9A094361F}\chrome\content\overlay.xul
c:\documents and settings\Greg\Local Settings\Application Data\{FD6E43CD-7F33-461F-88AC-08C9A094361F}\install.rdf
C:\setup.exe
c:\windows\system32\bszip.dll
c:\windows\system32\Data
c:\windows\system32\kabaker.dll
c:\windows\xpsp1hfm.log
K:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 17:03 . 2010-07-09 01:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-08 17:03 . 2010-07-08 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-08 17:03 . 2010-07-08 17:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-07 17:03 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-07 16:54 . 2010-07-07 17:03 -------- d-----w- c:\program files\VstPlugins
2010-07-07 16:53 . 2010-07-07 17:00 -------- d-----w- c:\program files\Image-Line
2010-07-07 16:53 . 2010-07-07 16:53 -------- d-----w- c:\program files\Outsim
2010-07-07 16:04 . 2010-07-07 16:04 -------- d-----w- c:\documents and settings\Alec\Application Data\Malwarebytes
2010-07-07 16:00 . 2010-07-08 16:52 0 ----a-w- c:\windows\Szicezezuquja.bin
2010-07-07 16:00 . 2010-07-08 01:00 120 ----a-w- c:\windows\Xlefeyifegizuta.dat
2010-07-07 01:06 . 2010-07-09 08:03 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Deployment
2010-07-01 03:09 . 2010-07-01 03:09 -------- d-----w- c:\program files\Common Files\Common Share
2010-07-01 03:09 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-07-01 03:09 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-07-01 03:09 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-16 05:22 . 2010-06-16 05:22 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Temp
2010-06-11 20:26 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 15:34 . 2008-08-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-09 15:19 . 2010-07-09 15:18 1136 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-09 15:12 . 2005-08-16 10:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-09 14:46 . 2010-04-14 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-07-08 23:40 . 2009-01-26 16:31 3946 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-07-08 15:43 . 2008-08-19 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 15:39 . 2007-12-23 02:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Apple Computer
2010-07-08 15:34 . 2010-02-15 23:58 -------- d-----w- c:\program files\LizardTech
2010-07-08 15:34 . 2005-12-10 16:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 15:28 . 2005-12-10 16:48 -------- d-----w- c:\program files\Dell
2010-07-08 15:24 . 2007-12-28 20:17 -------- d-----w- c:\program files\Eudemons Online
2010-07-07 17:41 . 2008-03-14 06:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-07 16:31 . 2008-09-23 21:46 -------- d-----w- c:\documents and settings\Alec\Application Data\LimeWire
2010-07-07 16:15 . 2010-01-03 22:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-02 16:15 . 2009-04-05 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-02 04:25 . 2010-07-02 04:25 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-07-02 04:25 . 2010-07-02 04:25 791856 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-07-02 04:25 . 2010-07-02 04:25 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-07-02 04:25 . 2010-07-02 04:25 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-07-02 04:25 . 2010-07-02 04:25 267568 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-07-02 04:25 . 2010-07-02 04:25 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-07-02 04:25 . 2010-07-02 04:25 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-07-02 04:25 . 2010-07-02 04:25 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2010-07-02 04:25 . 2010-07-02 04:25 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-07-02 04:25 . 2010-07-02 04:25 856880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2010-07-02 04:25 . 2010-07-02 04:25 2184496 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2010-07-02 04:25 . 2010-07-02 04:25 1372424 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-06-22 22:39 . 2009-08-27 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-22 18:56 . 2010-06-22 18:56 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb25.tmp.exe
2010-06-07 21:45 . 2010-06-07 21:45 503808 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\msvcp71.dll
2010-06-07 21:45 . 2010-06-07 21:45 499712 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\jmc.dll
2010-06-07 21:45 . 2010-06-07 21:45 61440 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12d3ebc6-n\decora-sse.dll
2010-06-07 21:45 . 2010-06-07 21:45 348160 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\msvcr71.dll
2010-06-07 21:45 . 2010-06-07 21:45 12800 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12d3ebc6-n\decora-d3d.dll
2010-05-30 17:20 . 2010-05-30 17:20 61440 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cf1cf6a-n\decora-sse.dll
2010-05-30 17:20 . 2010-05-30 17:20 503808 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\msvcp71.dll
2010-05-30 17:20 . 2010-05-30 17:20 499712 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\jmc.dll
2010-05-30 17:20 . 2010-05-30 17:20 348160 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\msvcr71.dll
2010-05-30 17:20 . 2010-05-30 17:20 12800 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cf1cf6a-n\decora-d3d.dll
2010-05-27 19:17 . 2010-05-27 19:17 503808 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\msvcp71.dll
2010-05-27 19:17 . 2010-05-27 19:17 499712 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\jmc.dll
2010-05-27 19:17 . 2010-05-27 19:17 12800 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e5b8c0e-n\decora-d3d.dll
2010-05-27 19:17 . 2010-05-27 19:17 61440 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e5b8c0e-n\decora-sse.dll
2010-05-27 19:17 . 2010-05-27 19:17 348160 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\msvcr71.dll
2010-05-27 03:01 . 2010-05-27 03:01 503808 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\msvcp71.dll
2010-05-27 03:01 . 2010-05-27 03:01 499712 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\jmc.dll
2010-05-27 03:01 . 2010-05-27 03:01 348160 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\msvcr71.dll
2010-05-27 03:01 . 2010-05-27 03:01 61440 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26b69d60-n\decora-sse.dll
2010-05-27 03:01 . 2010-05-27 03:01 12800 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26b69d60-n\decora-d3d.dll
2010-05-25 20:36 . 2010-05-25 20:36 503808 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\msvcp71.dll
2010-05-25 20:36 . 2010-05-25 20:36 499712 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\jmc.dll
2010-05-25 20:36 . 2010-05-25 20:36 348160 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\msvcr71.dll
2010-05-25 20:36 . 2010-05-25 20:36 61440 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cd94af6-n\decora-sse.dll
2010-05-25 20:36 . 2010-05-25 20:36 12800 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cd94af6-n\decora-d3d.dll
2010-05-18 16:10 . 2010-02-16 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-05-06 10:41 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 10:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-08-19 20:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-19 20:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 19:30 . 2007-12-09 20:31 95352 ----a-w- c:\documents and settings\Dylan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 22:50 . 2010-02-27 22:03 75 ---ha-w- c:\documents and settings\Matthew\jagex_runescape_preferences2.dat
2010-04-23 22:18 . 2008-07-03 20:44 41 ---ha-w- c:\documents and settings\Matthew\jagex_runescape_preferences.dat
2010-04-23 22:18 . 2010-04-23 22:18 0 ---ha-w- c:\documents and settings\Matthew\jagex__preferences3.dat
2010-04-20 05:30 . 2005-08-16 10:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 23:02 . 2010-04-19 23:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 23:09 . 2009-10-22 19:40 72192 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-18 23:02 . 2008-03-16 02:10 95352 ----a-w- c:\documents and settings\Matthew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 21:17 . 2008-08-23 02:52 95352 ----a-w- c:\documents and settings\Alec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 22:46 . 2007-08-03 07:43 95352 ----a-w- c:\documents and settings\Greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 18:02 . 2010-04-11 18:02 503808 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\msvcp71.dll
2010-04-11 18:02 . 2010-04-11 18:02 499712 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\jmc.dll
2010-04-11 18:02 . 2010-04-11 18:02 348160 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\msvcr71.dll
2010-04-11 18:02 . 2010-04-11 18:02 61440 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-198b30cc-n\decora-sse.dll
2010-04-11 18:02 . 2010-04-11 18:02 12800 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-198b30cc-n\decora-d3d.dll
2009-04-04 17:51 . 2009-04-04 17:51 336 ----a-w- c:\program files\temp995.bat
2007-08-03 07:44 . 2007-08-03 07:42 56 --sh--r- c:\windows\system32\749D152A8A.sys
2007-08-17 13:43 . 2007-08-03 07:42 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 01:12 556432 ----a-w- c:\progra~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

c:\documents and settings\Greg\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]

c:\documents and settings\Matthew\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-7-6 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
0E0E16D21CA40075E68F.Xsernum 3XRI7AG0TUQ0002
0E0E16D21CA40075E68F.Xaddr SECURITY.TIPP_CITY.OH.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\World Editor.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"k:\\World of Warcraft\\Launcher.exe"=
"k:\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Apps\\2.0\\XLB2Z9DC.L15\\EKW91OAG.JNO\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"14356:TCP"= 14356:TCP:BitComet 14356 TCP
"14356:UDP"= 14356:UDP:BitComet 14356 UDP
"6112:TCP"= 6112:TCP:Warcraft III Battle.net
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/07/09 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [02/24/10 3:06 PM 173328]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [05/27/09 3:27 AM 29262680]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/09 7:31 AM 92008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [08/03/07 4:48 AM 18864]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/07/09 5:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/13/10 5:07 PM 135664]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [11/08/07 4:51 PM 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [11/08/07 4:51 PM 10880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/09 10:22 AM 30603640]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10/07/09 1:35 PM 42112]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/26/09 4:28 AM 4639136]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [12/25/08 4:44 PM 18432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:06]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:06]

2010-07-08 c:\windows\Tasks\Norton Security Scan for Alec.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-02 16:50]

2010-07-08 c:\windows\Tasks\Norton Security Scan for Matthew.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-02 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: musicmatch.com\online
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://128.177.29.248/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-klmdb.sys
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-09 11:38:38
ComboFix-quarantined-files.txt 2010-07-09 15:38

Pre-Run: 30,097,235,968 bytes free
Post-Run: 34,926,833,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 33143AE5F9674296ADD59FC3345DBD89


Thank you again!

#6 roofer

roofer
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 09 July 2010 - 09:16 PM

Any guidance?

#7 piano9playa5

piano9playa5

    Malware Removal Ninja


  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:12:24 PM

Posted 09 July 2010 - 09:39 PM

Sorry.. I'm waiting for a reply from my teacher\moderator. Hang in there. It's late here where I am, so I'm going to go to bed, but I expect that I'll hear word back in the morning.

Edited by piano9playa5, 09 July 2010 - 09:40 PM.

I'll be away August 16-21!



#8 roofer

roofer
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 09 July 2010 - 09:56 PM

Thank you! I'll check back in the morning.

#9 piano9playa5

piano9playa5

    Malware Removal Ninja


  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:12:24 PM

Posted 10 July 2010 - 10:10 AM

Hi there,

The following instructions will remove any pieces of BitComet that I could see in the logs you provided me, as well as a few pieces of malware.

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!


QUOTE
http://www.bleepingcomputer.com/forums/ind...p;#entry1834080

DDS::
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"14356:TCP"=-
"14356:UDP"=-

Folder::
c:\program files\BitComet

Collect::
c:\windows\Szicezezuquja.bin
c:\windows\Xlefeyifegizuta.dat



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I'll be away August 16-21!



#10 roofer

roofer
  • Topic Starter

  • Members
  • 8 posts

Posted 10 July 2010 - 10:46 AM

Here are the results:

ComboFix 10-07-09.02 - Greg 07/10/10 11:27:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.575 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt

file zipped: c:\windows\Szicezezuquja.bin
file zipped: c:\windows\Xlefeyifegizuta.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\cache\post_info.xml
c:\program files\BitComet\cache\rss_index.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\fav\passport_info_en_us.mht
c:\program files\BitComet\fav\passport_info_zh_cn.mht
c:\program files\BitComet\Favourite.xml
c:\program files\BitComet\lang\lang_en_us.xml
c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
c:\program files\BitComet\torrents\1079-1084.exe.xml
c:\program files\BitComet\torrents\1079.exe.xml
c:\program files\BitComet\torrents\1080.exe.xml
c:\program files\BitComet\torrents\1081.exe.xml
c:\program files\BitComet\torrents\1082.exe.xml
c:\program files\BitComet\torrents\1083.exe.xml
c:\program files\BitComet\torrents\1084-1088.exe.xml
c:\program files\BitComet\torrents\1084.exe.xml
c:\program files\BitComet\torrents\1085.exe.xml
c:\program files\BitComet\torrents\1086.exe.xml
c:\program files\BitComet\torrents\1087.exe.xml
c:\program files\BitComet\torrents\1088.exe.xml
c:\program files\BitComet\torrents\1089.exe.xml
c:\windows\Szicezezuquja.bin
c:\windows\Xlefeyifegizuta.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-08 17:03 . 2010-07-10 00:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-08 17:03 . 2010-07-08 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-08 17:03 . 2010-07-08 17:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-07 17:03 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-07 16:54 . 2010-07-07 17:03 -------- d-----w- c:\program files\VstPlugins
2010-07-07 16:53 . 2010-07-07 17:00 -------- d-----w- c:\program files\Image-Line
2010-07-07 16:53 . 2010-07-07 16:53 -------- d-----w- c:\program files\Outsim
2010-07-07 16:04 . 2010-07-07 16:04 -------- d-----w- c:\documents and settings\Alec\Application Data\Malwarebytes
2010-07-07 01:06 . 2010-07-09 08:03 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Deployment
2010-07-01 03:09 . 2010-07-01 03:09 -------- d-----w- c:\program files\Common Files\Common Share
2010-07-01 03:09 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-07-01 03:09 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-07-01 03:09 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-16 05:22 . 2010-06-16 05:22 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Temp
2010-06-11 20:26 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 15:37 . 2008-08-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-09 15:19 . 2010-07-09 15:18 1136 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-09 15:12 . 2005-08-16 10:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-09 14:46 . 2010-04-14 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-07-08 23:40 . 2009-01-26 16:31 3946 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-07-08 15:43 . 2008-08-19 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 15:39 . 2007-12-23 02:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Apple Computer
2010-07-08 15:34 . 2010-02-15 23:58 -------- d-----w- c:\program files\LizardTech
2010-07-08 15:34 . 2005-12-10 16:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 15:28 . 2005-12-10 16:48 -------- d-----w- c:\program files\Dell
2010-07-08 15:24 . 2007-12-28 20:17 -------- d-----w- c:\program files\Eudemons Online
2010-07-07 17:41 . 2008-03-14 06:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-07 16:31 . 2008-09-23 21:46 -------- d-----w- c:\documents and settings\Alec\Application Data\LimeWire
2010-07-07 16:15 . 2010-01-03 22:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-02 16:15 . 2009-04-05 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-02 04:25 . 2010-07-02 04:25 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-07-02 04:25 . 2010-07-02 04:25 791856 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-07-02 04:25 . 2010-07-02 04:25 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-07-02 04:25 . 2010-07-02 04:25 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-07-02 04:25 . 2010-07-02 04:25 267568 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-07-02 04:25 . 2010-07-02 04:25 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-07-02 04:25 . 2010-07-02 04:25 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-07-02 04:25 . 2010-07-02 04:25 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2010-07-02 04:25 . 2010-07-02 04:25 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-07-02 04:25 . 2010-07-02 04:25 856880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2010-07-02 04:25 . 2010-07-02 04:25 2184496 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2010-07-02 04:25 . 2010-07-02 04:25 1372424 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-06-22 22:39 . 2009-08-27 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-22 18:56 . 2010-06-22 18:56 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb25.tmp.exe
2010-06-07 21:45 . 2010-06-07 21:45 503808 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\msvcp71.dll
2010-06-07 21:45 . 2010-06-07 21:45 499712 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\jmc.dll
2010-06-07 21:45 . 2010-06-07 21:45 61440 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12d3ebc6-n\decora-sse.dll
2010-06-07 21:45 . 2010-06-07 21:45 348160 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d2d3d2d-n\msvcr71.dll
2010-06-07 21:45 . 2010-06-07 21:45 12800 ----a-w- c:\documents and settings\Kathy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12d3ebc6-n\decora-d3d.dll
2010-05-30 17:20 . 2010-05-30 17:20 61440 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cf1cf6a-n\decora-sse.dll
2010-05-30 17:20 . 2010-05-30 17:20 503808 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\msvcp71.dll
2010-05-30 17:20 . 2010-05-30 17:20 499712 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\jmc.dll
2010-05-30 17:20 . 2010-05-30 17:20 348160 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3dde5fd6-n\msvcr71.dll
2010-05-30 17:20 . 2010-05-30 17:20 12800 ----a-w- c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cf1cf6a-n\decora-d3d.dll
2010-05-27 19:17 . 2010-05-27 19:17 503808 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\msvcp71.dll
2010-05-27 19:17 . 2010-05-27 19:17 499712 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\jmc.dll
2010-05-27 19:17 . 2010-05-27 19:17 12800 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e5b8c0e-n\decora-d3d.dll
2010-05-27 19:17 . 2010-05-27 19:17 61440 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e5b8c0e-n\decora-sse.dll
2010-05-27 19:17 . 2010-05-27 19:17 348160 ----a-w- c:\documents and settings\Dylan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ba6d367-n\msvcr71.dll
2010-05-27 03:01 . 2010-05-27 03:01 503808 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\msvcp71.dll
2010-05-27 03:01 . 2010-05-27 03:01 499712 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\jmc.dll
2010-05-27 03:01 . 2010-05-27 03:01 348160 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2eeac613-n\msvcr71.dll
2010-05-27 03:01 . 2010-05-27 03:01 61440 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26b69d60-n\decora-sse.dll
2010-05-27 03:01 . 2010-05-27 03:01 12800 ----a-w- c:\documents and settings\Greg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26b69d60-n\decora-d3d.dll
2010-05-25 20:36 . 2010-05-25 20:36 503808 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\msvcp71.dll
2010-05-25 20:36 . 2010-05-25 20:36 499712 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\jmc.dll
2010-05-25 20:36 . 2010-05-25 20:36 348160 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3da73ece-n\msvcr71.dll
2010-05-25 20:36 . 2010-05-25 20:36 61440 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cd94af6-n\decora-sse.dll
2010-05-25 20:36 . 2010-05-25 20:36 12800 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cd94af6-n\decora-d3d.dll
2010-05-18 16:10 . 2010-02-16 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-05-06 10:41 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 10:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-08-19 20:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-19 20:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 19:30 . 2007-12-09 20:31 95352 ----a-w- c:\documents and settings\Dylan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 22:50 . 2010-02-27 22:03 75 ---ha-w- c:\documents and settings\Matthew\jagex_runescape_preferences2.dat
2010-04-23 22:18 . 2008-07-03 20:44 41 ---ha-w- c:\documents and settings\Matthew\jagex_runescape_preferences.dat
2010-04-23 22:18 . 2010-04-23 22:18 0 ---ha-w- c:\documents and settings\Matthew\jagex__preferences3.dat
2010-04-20 05:30 . 2005-08-16 10:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 23:02 . 2010-04-19 23:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 23:09 . 2009-10-22 19:40 72192 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-18 23:02 . 2008-03-16 02:10 95352 ----a-w- c:\documents and settings\Matthew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 21:17 . 2008-08-23 02:52 95352 ----a-w- c:\documents and settings\Alec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 22:46 . 2007-08-03 07:43 95352 ----a-w- c:\documents and settings\Greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 18:02 . 2010-04-11 18:02 503808 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\msvcp71.dll
2010-04-11 18:02 . 2010-04-11 18:02 499712 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\jmc.dll
2010-04-11 18:02 . 2010-04-11 18:02 348160 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4c7cd4a0-n\msvcr71.dll
2010-04-11 18:02 . 2010-04-11 18:02 61440 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-198b30cc-n\decora-sse.dll
2010-04-11 18:02 . 2010-04-11 18:02 12800 ----a-w- c:\documents and settings\Alec\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-198b30cc-n\decora-d3d.dll
2009-04-04 17:51 . 2009-04-04 17:51 336 ----a-w- c:\program files\temp995.bat
2007-08-03 07:44 . 2007-08-03 07:42 56 --sh--r- c:\windows\system32\749D152A8A.sys
2007-08-17 13:43 . 2007-08-03 07:42 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 01:12 556432 ----a-w- c:\progra~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

c:\documents and settings\Matthew\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-7-6 0]

c:\documents and settings\Greg\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
0E0E16D21CA40075E68F.Xsernum 3XRI7AG0TUQ0002
0E0E16D21CA40075E68F.Xaddr SECURITY.TIPP_CITY.OH.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\World Editor.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"k:\\World of Warcraft\\Launcher.exe"=
"k:\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\Warcraft III\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\Documents and Settings\\Matthew\\My Documents\\WoW test servers\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Apps\\2.0\\XLB2Z9DC.L15\\EKW91OAG.JNO\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"6112:TCP"= 6112:TCP:Warcraft III Battle.net
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/07/09 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [02/24/10 3:06 PM 173328]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [05/27/09 3:27 AM 29262680]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/09 7:31 AM 92008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [08/03/07 4:48 AM 18864]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/26/09 4:28 AM 4639136]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/07/09 5:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/13/10 5:07 PM 135664]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [11/08/07 4:51 PM 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [11/08/07 4:51 PM 10880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/09 10:22 AM 30603640]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10/07/09 1:35 PM 42112]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [12/25/08 4:44 PM 18432]
S4 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/08/10 1:03 PM 16968]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:06]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:06]

2010-07-09 c:\windows\Tasks\Norton Security Scan for Alec.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-02 16:50]

2010-07-09 c:\windows\Tasks\Norton Security Scan for Matthew.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-02 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: musicmatch.com\online
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://128.177.29.248/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 11:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-10 11:41:54
ComboFix-quarantined-files.txt 2010-07-10 15:41
ComboFix2.txt 2010-07-09 15:38

Pre-Run: 34,840,743,936 bytes free
Post-Run: 34,892,865,536 bytes free

- - End Of File - - A6ABC8DC4EE876BFA2F120445BF46564
Upload was successful

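The CFScript in post #9 and the ComboFix log in post #10 are both plain text with a regular shape, so whether the script did what was asked can be checked mechanically rather than by scrolling through the log. The Python below is an added example for this thread, not code from BleepingComputer or from ComboFix: it groups a CFScript's lines under their `Name::` headers, splits a ComboFix log on its `((((( ... )))))` banner lines, confirms that every `Folder::` and `Collect::` path shows up under "Other Deletions" (and, for `Collect::`, as a "file zipped:" line), and applies two assumed review heuristics to the timestamped file-listing lines: system+hidden attributes on a plain file, and a loose .bin/.dat dropped directly into c:\windows. The attribute layout and the two heuristics are assumptions made for the demo, and a flag is a prompt to look closer, not a verdict. The sample log is a constructed excerpt: its lines are copied from post #10 except the final Szicezezuquja.bin listing line, which is invented because the real log names that file only under "Other Deletions".

```python
import re
from typing import Dict, List

# ComboFix listing line: "<created> . <modified> <size|--------> <attrs> <path>"
LOG_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                       r"(?:\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SECTION = re.compile(r"^([A-Za-z]+)::$")   # CFScript headers such as "Folder::"
BANNER = re.compile(r"^\(+ (.+?) \)+$")    # "((((( Other Deletions )))))" banners

# Folder:: and Collect:: parts of the CFScript from post #9, as posted.
SAMPLE_CFSCRIPT = r"""
Folder::
c:\program files\BitComet

Collect::
c:\windows\Szicezezuquja.bin
c:\windows\Xlefeyifegizuta.dat
"""

# Constructed excerpt of the post #10 log. Every line is copied from that log except the
# last, which is invented for the demo (the real log names Szicezezuquja.bin only under
# "Other Deletions", without a timestamped listing line).
SAMPLE_LOG = r"""
file zipped: c:\windows\Szicezezuquja.bin
file zipped: c:\windows\Xlefeyifegizuta.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\windows\Szicezezuquja.bin
c:\windows\Xlefeyifegizuta.dat
.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.
2010-07-08 17:03 . 2010-07-10 00:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-08 17:03 . 2010-07-08 17:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-23 22:50 . 2010-02-27 22:03 75 ---ha-w- c:\documents and settings\Matthew\jagex_runescape_preferences2.dat
2007-08-03 07:44 . 2007-08-03 07:42 56 --sh--r- c:\windows\system32\749D152A8A.sys
2007-08-17 13:43 . 2007-08-03 07:42 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-08 20:11 . 2010-07-08 20:11 2048 ----a-w- c:\windows\Szicezezuquja.bin
"""


def split_sections(text, header, preamble=None) -> Dict[str, List[str]]:
    """Group non-blank lines (skipping ComboFix's lone '.' spacers) under their headers."""
    sections: Dict[str, List[str]] = {}
    current = preamble
    if preamble is not None:
        sections[preamble] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = header.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_script_results(cfscript: str, log: str) -> Dict[str, bool]:
    """True for each Folder::/Collect:: path that the log shows ComboFix acted on."""
    script = split_sections(cfscript, SECTION)
    parts = split_sections(log, BANNER, preamble="preamble")
    deleted = {p.lower() for p in parts.get("Other Deletions", [])}
    zipped = {ln[len("file zipped:"):].strip().lower()
              for ln in parts["preamble"] if ln.lower().startswith("file zipped:")}
    results = {p: p.lower() in deleted for p in script.get("Folder", [])}
    for p in script.get("Collect", []):
        results[p] = p.lower() in zipped and p.lower() in deleted
    return results


def triage(log: str) -> Dict[str, List[str]]:
    """Assumed review heuristics (not ComboFix logic): path -> reasons to look closer."""
    flagged: Dict[str, List[str]] = {}
    for lines in split_sections(log, BANNER, preamble="preamble").values():
        for ln in lines:
            m = LOG_ENTRY.match(ln)
            if not m:
                continue                      # not a file-listing line
            attrs, path = m["attrs"], m["path"]
            low = path.lower()
            is_dir = attrs[0] == "d"          # assumed layout: d, s, h, a at [0], [2], [3], [4]
            reasons = []
            if not is_dir and attrs[2] == "s" and attrs[3] == "h":
                reasons.append("system+hidden attributes on a plain file")
            if not is_dir and low.rsplit("\\", 1)[0] == "c:\\windows" and low.endswith((".bin", ".dat")):
                reasons.append("loose .bin/.dat directly in c:\\windows")
            if reasons:
                flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, ok in check_script_results(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(("done    " if ok else "MISSING ") + path)
    for path, reasons in triage(SAMPLE_LOG).items():
        print("review  " + path + "  (" + "; ".join(reasons) + ")")
```

Run against the real post #10 log the check reports all three script paths as done, which is what the helper reads off the log by hand. The two system+hidden files it flags are not claimed by the thread to be malicious; the point of the heuristic is only that such attributes on a loose file in system32 deserve a second look before the log is called clean.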

#11 piano9playa5

piano9playa5

    Malware Removal Ninja


  • Members
  • 40 posts
  • Gender:Male
  • Location:Canada

Posted 10 July 2010 - 07:17 PM


Hi there,
(Please do Step One before doing any extensive browsing on the Internet!) Are you experiencing any more redirects? Are there any other problems on the computer that you've noticed?
Please note that the ESET scan in Step Three is very thorough and will take some time to complete. I recommend leaving it to run overnight if possible.

Step № One
An Anti-Virus is an absolute necessity. With new pieces of malware coming out every day, having an up-to-date Anti-Virus is critical in protecting your computer and actively removing viruses, trojans, worms, etc. While no Anti-Virus can catch everything, it is still a good idea to have one installed. Fortunately, there are fantastic free products that do just as well as paid products. To mention a few:

Please note that having more than one Anti-Virus will not increase security, and may cause conflicts. It is recommended to install and run one at a time to avoid these conflicts which may LOWER security.


A Firewall is an important piece of your computer's security! Its purpose is to block unwanted traffic --Hackers, Worms, some Trojan Horses, etc.-- from accessing your computer. A Firewall can block unauthorized data from being stolen, and will play a large part in keeping your computer infection-free. Luckily, Firewalls can be found for free, and will provide protection that is just as good as a paid solution. Some nice, and free, Firewall products are:

Please note that although it seems a good idea to have more than one Firewall, having multiple Firewall products will decrease security, and may cause conflicts. It is recommended to install and run one at a time to avoid these conflicts which may LOWER security.


Step № Two
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Step № Three
Please re-open Malwarebytes' Anti-Malware.
  • Click the Update tab, and then click Check for Updates.
  • After updating, click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step № Four
Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.


Logs&Info
Remember to post back the following logs:
  1. How is the computer running?
  2. Results from MalwareBytes' Anti-Malware
  3. Results from ESET Online Scanner
  4. Any comments, questions or concerns?

I'll be away August 16-21!



#12 roofer (Topic Starter)

Posted 11 July 2010 - 08:22 AM

Thank you again for all of your assistance. Everything seems to be working correctly now! Following are the results from the scans:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/10/10 11:45:04 PM
mbam-log-2010-07-10 (23-45-04).txt

Scan type: Quick scan
Objects scanned: 193148
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\oderetin.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


ESET Scan:

C:\Documents and Settings\Alec\My Documents\My Music\96 quite bitter beings.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alec\My Documents\My Music\Acid Music Studio 6 pro edition.zip probably a variant of Win32/TrojanDownloader.VB.OEQ trojan deleted - quarantined
C:\Documents and Settings\Alec\My Documents\My Music\Soulja Boy ft Lil Wayne - Turn My Swag On Remix.wma probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alec\My Documents\My Music\youre not me.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T08;59;17.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T09;03;09.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T09;03;37.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T09;09;31.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T09;10;20.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version@2009-05-12T09;10;26.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\My Music\96 quite bitter beings.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\My Music\youre not me.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined


I removed the programs Hitman Pro as well as StopZilla and downloaded Avira Antivir as well as Comodo and have them set up and running. Let me know what additional steps I should take. Thanks Again!
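The ESET output in the post above is one detection per line, and the same file names appear both under C: and under the Memeo auto-backup tree on K:. As an added example (not code from this thread, from ESET, or from the helper), here is a small Python parser for that line format: it pulls out path, detection name and action, groups the hits by drive and by malware family, and separates backup-drive hits that are copies of a C: hit from ones that survive only in the backup. The line format, the set of action tails and the family-naming rule (drop the platform prefix and the trailing variant suffix) are inferred from the lines posted here and are assumptions; the five sample lines are copied from the post.

```python
"""Parse ESET Online Scanner result lines and summarise what was found.

Added example for this thread, not ESET's own code. The one-detection-per-line
format below is inferred from the lines posted above (assumption):

    <path> [probably ][a variant of ]<Platform/Family.Variant> trojan <action>
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Action tails seen in this thread's log. Assumption: any other tail is
# reported as "unknown: ..." rather than silently dropped.
ACTIONS = (
    "cleaned by deleting - quarantined",
    "deleted - quarantined",
    "cleaned - quarantined",
)

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<kind>trojan|virus|worm|application|adware)\s+"
    r"(?P<action>.+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str        # e.g. "WMA/TrojanDownloader.GetCodec.C"
    heuristic: bool  # True when ESET said "(probably) a variant of"
    action: str

    @property
    def drive(self) -> str:
        return self.path[:2].upper()

    @property
    def family(self) -> str:
        # Drop the platform prefix and the trailing variant suffix:
        # "WMA/TrojanDownloader.GetCodec.C" -> "TrojanDownloader.GetCodec".
        # Assumption about ESET naming; it holds for every name in this log.
        parts = self.name.split("/", 1)[1].split(".")
        return ".".join(parts[:-1]) if len(parts) > 1 else parts[0]


def parse_line(line: str) -> Optional[Detection]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    action = m.group("action").strip()
    if action not in ACTIONS:
        action = "unknown: " + action
    return Detection(m.group("path"), m.group("name"),
                     m.group("qualifier") is not None, action)


def parse_log(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def summarize(dets: List[Detection]) -> dict:
    return {
        "by_drive": dict(Counter(d.drive for d in dets)),
        "by_family": dict(Counter(d.family for d in dets)),
        "heuristic": sum(1 for d in dets if d.heuristic),
    }


def backup_copies(dets: List[Detection], primary: str = "C:"
                  ) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split hits on other drives into (copy_path, original_path) pairs whose
    path tail matches a primary-drive hit, and backup-only hits whose original
    is no longer on the primary drive. Either kind re-seeds the infection if
    the backup is restored or synced back."""
    primaries = [d for d in dets if d.drive == primary]
    copies, backup_only = [], []
    for d in dets:
        if d.drive == primary:
            continue
        # path[3:] strips "C:\" so the tail can be found inside the backup path
        orig = next((p for p in primaries
                     if p.path[3:].lower() in d.path.lower()), None)
        if orig is None:
            backup_only.append(d.path)
        else:
            copies.append((d.path, orig.path))
    return copies, backup_only


# Sample input: five lines copied from the ESET results posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Alec\My Documents\My Music\96 quite bitter beings.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alec\My Documents\My Music\Acid Music Studio 6 pro edition.zip probably a variant of Win32/TrojanDownloader.VB.OEQ trojan deleted - quarantined
C:\Documents and Settings\Alec\My Documents\My Music\Soulja Boy ft Lil Wayne - Turn My Swag On Remix.wma probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\Incomplete\T-5516057-fade to black metallica original studio version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\AutoBackUps\Memeo\AutoBackUp\C_\Documents and Settings\Alec\My Documents\My Music\96 quite bitter beings.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(summarize(dets))
    copies, only = backup_copies(dets)
    for copy, orig in copies:
        print("backup copy of a cleaned file:", copy, "<-", orig)
    for p in only:
        print("infected file that survives only in the backup:", p)
```

The point of the backup split: a hit under K:\AutoBackUps is the backup software faithfully keeping an infected copy, so restoring that backup (or letting it sync back) would put the file back on C:, and the "Incomplete" hits show material whose original is already gone from C: but still lives in the backup. The heuristic count separates the "(probably) a variant of" hits, which are the ones worth a second look before trusting the deletion.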


#13 piano9playa5 (Malware Removal Ninja, Canada)

Posted 11 July 2010 - 10:56 PM

You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.

ComboFix Uninstallation
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run,
Copy/Paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
Removal of Removal-Tools
This is to make sure that any powerful tools we used aren't left behind, and that if you ever get reinfected you will download all the most recent tools.
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Windows Updates
You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things ranging from bugs to vulnerabilities which could lead to infection.

Go to Tools > Windows Update, within Internet Explorer
  • Click Express. It will check for updates for your computer.
  • Click Install Updates. A window should pop up giving the status of each update.
  • Reboot when prompted.
If you're feeling lazy you can turn on Automatic Updates which will do the work for you.
  • Click Start, then Control Panel
  • Click Automatic Updates
  • Check Automatic (Recommended)
  • Ok your way out.
More information about Windows Updates and clear configuration instructions can be found here.




Prevention Programs and Practices
  • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:
  • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.
  • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.
  • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:
Glad I could help, piano9playa5 :cheers:



#14 roofer (Topic Starter)

Posted 12 July 2010 - 11:05 AM

piano9playa5,

Thank you so much for all of your assistance in getting my computer back up and running properly. Your service has been invaluable.

#15 thcbytes (Malware Response Team)

Posted 14 July 2010 - 10:47 PM

You're welcome,

Thanks for visiting BC

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



