Jump to content

meeks

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks so much for the help!!!! Much appreciated!
  2. combofix: ComboFix 10-08-06.01 - Michael Fredericks 08/06/2010 20:04:20.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1616 [GMT -4:00] Running from: c:\documents and settings\Michael Fredericks\Desktop\Combo-Fix.exe AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Michael Fredericks\GoToAssistDownloadHelper.exe c:\windows\system32\klgd.bmp Infected copy of c:\windows\system32\DRIVERS\compbatt.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 ))))))))))))))))))))))))))))))) . 2010-08-06 23:57 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys 2010-08-06 23:57 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys 2010-08-05 23:13 . 2010-08-05 23:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-05 00:52 . 2010-01-04 10:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-08-05 00:52 . 2010-01-04 10:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-08-05 00:44 . 2010-08-05 00:44 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\Sunbelt 2010-08-05 00:41 . 2010-08-05 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt 2010-08-05 00:38 . 2010-05-26 17:57 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-08-05 00:38 . 2010-08-05 00:38 -------- d-----w- c:\program files\Sunbelt Software 2010-08-03 19:46 . 2010-08-03 19:46 1691 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\.purple\certificates\x509\tls_peers\api.screenname.aol.com 2010-08-03 10:43 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-08-02 23:24 . 2010-08-02 23:24 -------- d-----w- c:\program files\Common Files\Java 2010-08-02 23:23 . 2010-08-02 23:23 503808 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11fba89f-n\msvcp71.dll 2010-08-02 23:23 . 2010-08-02 23:23 499712 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11fba89f-n\jmc.dll 2010-08-02 23:23 . 2010-08-02 23:23 348160 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11fba89f-n\msvcr71.dll 2010-08-02 23:23 . 2010-08-02 23:23 61440 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4459c1ec-n\decora-sse.dll 2010-08-02 23:23 . 2010-08-02 23:23 12800 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4459c1ec-n\decora-d3d.dll 2010-08-01 21:21 . 2010-08-01 21:21 -------- d-----w- c:\program files\FileZilla FTP Client 2010-07-16 12:30 . 2010-07-16 12:30 -------- d-----w- c:\documents and settings\Michael Fredericks\Local Settings\Application Data\Citrix 2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-13 13:04 . 2000-10-29 21:34 150016 ----a-w- c:\windows\system32\Unzip32.dll 2010-07-13 13:04 . 2010-07-13 13:04 -------- d-----w- c:\program files\Bluetack . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-06 11:11 . 2009-05-05 00:28 -------- d-----w- c:\program files\uTorrent 2010-08-06 11:11 . 2009-05-05 00:28 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\uTorrent 2010-08-06 11:09 . 2007-08-31 23:50 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-05 23:14 . 2007-08-17 00:19 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-05 00:41 . 2006-06-21 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-08-03 23:25 . 2007-08-19 22:53 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\.purple 2010-08-03 10:42 . 2010-05-25 23:38 -------- d-----w- c:\program files\Panda Security 2010-08-02 23:22 . 2009-05-09 14:17 -------- d-----w- c:\program files\Java 2010-08-01 21:27 . 2010-02-07 04:15 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\PACE Anti-Piracy 2010-08-01 21:27 . 2010-02-07 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2010-08-01 21:22 . 2009-10-11 12:57 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\FileZilla 2010-07-17 09:00 . 2010-05-29 14:26 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-05 21:31 . 2008-09-10 01:39 -------- d-----w- c:\program files\iTunes 2010-07-05 21:31 . 2010-07-05 21:31 -------- d-----w- c:\program files\iPod 2010-07-05 21:31 . 2007-08-29 22:25 -------- d-----w- c:\program files\Common Files\Apple 2010-07-05 21:27 . 2010-07-05 21:27 -------- d-----w- c:\program files\Bonjour 2010-07-05 21:25 . 2010-07-05 21:25 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-29 00:20 . 2007-11-17 18:59 3258 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\wklnhst.dat 2010-06-17 16:22 . 2010-06-17 16:22 27984 ----a-w- c:\windows\system32\sbbd.exe 2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-11 19:38 . 2007-08-23 11:19 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\gtk-2.0 2010-06-11 12:33 . 2010-06-11 12:33 -------- d-----w- c:\program files\Cisco 2010-06-11 12:19 . 2010-06-11 12:19 -------- d-----w- c:\program files\RealVNC 2010-05-29 20:08 . 2010-05-24 22:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-05-29 20:06 . 2006-07-01 16:53 95640 ----a-w- c:\documents and settings\Michael Fredericks\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-29 19:41 . 2004-08-11 22:14 89019 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-05-29 14:27 . 2010-05-29 14:27 503808 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44bbfe89-n\msvcp71.dll 2010-05-29 14:27 . 2010-05-29 14:27 61440 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-710bfe8b-n\decora-sse.dll 2010-05-29 14:27 . 2010-05-29 14:27 499712 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44bbfe89-n\jmc.dll 2010-05-29 14:27 . 2010-05-29 14:27 348160 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44bbfe89-n\msvcr71.dll 2010-05-29 14:27 . 2010-05-29 14:27 12800 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-710bfe8b-n\decora-d3d.dll 2010-05-26 23:03 . 2010-06-17 11:18 57856 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll 2010-05-26 23:03 . 2010-06-17 11:18 545280 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2010-05-26 23:03 . 2010-06-17 11:18 4687360 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll 2010-05-26 23:03 . 2010-06-17 11:18 425984 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2010-05-26 23:03 . 2010-06-17 11:18 153088 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2010-05-26 23:03 . 2010-06-17 11:18 103424 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2010-05-24 23:02 . 2010-05-24 23:02 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-22 02:06 . 2006-06-21 04:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-21 18:14 . 2009-10-02 18:54 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2009-05-29 02:02 . 2006-07-02 08:25 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02 . 2006-07-02 08:25 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-26 615696] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440] "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752] "HipServ Agent"="c:\program files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe" [2009-09-28 2437376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-06-17 1295696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-131 revA\wirelesscm.exe [2010-5-20 496896] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MIDI2"=diomidi.dll "wave2"=Digi32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2006-04-06 19:58 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-02-22 17:00 49152 ----a-w- c:\dell\E-Center\GTB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-14 00:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSVC"=2 (0x2) "WLANKEEPER"=2 (0x2) "S24EventMonitor"=2 (0x2) "RegSrvc"=3 (0x3) "PEVSystemStart"=2 (0x2) "NMIndexingService"=3 (0x3) "MpfService"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "dsNcService"=2 (0x2) "DigiRefresh"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\rsync.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\ssh.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraPicturesWizard.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraSmartShortcut.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\HipServAgent\\HipServAgent.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/3/2010 6:43 AM 28552] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/4/2010 8:52 PM 13400] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024] R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [8/4/2010 8:38 PM 204632] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2/7/2010 12:14 AM 11776] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [11/4/2007 11:54 AM 10951] R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [6/17/2010 12:23 PM 2730120] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/4/2010 8:52 PM 69720] R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [6/17/2010 12:21 PM 181584] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/9/2009 11:07 AM 493248] R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/20/2010 6:42 PM 20480] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/20/2010 6:42 PM 572544] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-131 revA\WLSVC.exe [5/20/2010 6:42 PM 167936] S4 ROVA_Srvc;ROVA Service;c:\program files\ROVA Update\rovasrvc.exe [10/9/2007 6:53 AM 83536] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 7:28 PM 717296] . Contents of the 'Scheduled Tasks' folder 2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-08-05 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://gateway01.gfigroup.com/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3192) c:\program files\Sunbelt Software\VIPRE\oehook.dll c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\ShellHook.dll c:\program files\Microsoft Office\Office10\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\netdde.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\Ati2evxx.exe c:\windows\stsystra.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-08-06 20:26:29 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-07 00:26 ComboFix2.txt 2010-05-27 21:17 Pre-Run: 7,576,076,288 bytes free Post-Run: 7,799,447,552 bytes free - - End Of File - - 9B30DE9389DC83F1A3779C7F8BC95BFF
  3. Thanks Borislav, here is MWB and DDS, I'm not sure what JavaRa is? MWB: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4397 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 8/6/2010 7:23:33 AM mbam-log-2010-08-06 (07-23-33).txt Scan type: Quick scan Objects scanned: 147214 Time elapsed: 10 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Michael Fredericks at 7:24:54.32 on Fri 08/06/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1331 [GMT -4:00] AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe C:\Program Files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Michael Fredericks\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Internet Explorer Plugin: {7922062a-bfdc-4708-9211-f91aab7d60c7} - pavwx.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5104.1546\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe mRun: [HipServ Agent] c:\program files\netgear\stora desktop applications\hipservagent\HipServAgent.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-131 reva\wirelesscm.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://gateway01.gfigroup.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-3 28552] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-4 214664] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-8-4 13400] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024] R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-4 204632] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-2-7 11776] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2007-11-4 10951] R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-6-17 2730120] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-8-4 69720] R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-6-17 181584] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248] R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-5-20 20480] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-5-20 572544] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S2 WLSVC;WLSVC;c:\program files\d-link\dwa-131 reva\WLSVC.exe [2010-5-20 167936] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-4 79816] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-4 35272] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-4 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-4 40552] S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?] S4 ROVA_Srvc;ROVA Service;c:\program files\rova update\rovasrvc.exe [2007-10-9 83536] =============== Created Last 30 ================ 2010-08-05 23:04:47 0 ----a-w- c:\documents and settings\michael fredericks\defogger_reenable 2010-08-05 00:52:05 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-08-05 00:52:04 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-08-05 00:44:14 0 d-----w- c:\docume~1\michae~1\applic~1\Sunbelt 2010-08-05 00:41:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt 2010-08-05 00:38:42 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-08-05 00:38:39 0 d-----w- c:\program files\Sunbelt Software 2010-08-03 10:43:58 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-08-03 01:48:11 37458 ----a-w- c:\windows\system32\vtpkt 2010-08-03 01:47:59 98304 ----a-w- c:\windows\system32\klgd.bmp 2010-07-16 12:30:50 103784 ----a-w- c:\documents and settings\michael fredericks\GoToAssistDownloadHelper.exe 2010-07-14 01:04:14 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-13 13:04:09 212240 ----a-w- c:\windows\system32\Richtx32.ocx 2010-07-13 13:04:09 150016 ----a-w- c:\windows\system32\Unzip32.dll 2010-07-13 13:04:09 124688 ----a-w- c:\windows\system32\mswinsck.ocx 2010-07-13 13:04:08 0 d-----w- c:\program files\Bluetack ==================== Find3M ==================== 2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-29 00:20:19 3258 ----a-w- c:\docume~1\michae~1\applic~1\wklnhst.dat 2010-06-26 04:18:03 95640 ----a-w- c:\docume~1\michae~1\applic~1\GDIPFONTCACHEV1.DAT 2010-06-17 16:22:06 27984 ----a-w- c:\windows\system32\sbbd.exe 2010-05-24 23:02:49 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2009-05-29 02:02:06 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02:14 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 7:26:26.60 =============== Attach.zip
  4. This happened a while ago and unfortunately by some means has returned... any assistance is much appreciated. Thanks in advance. MWB: --------------------- Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4383 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 8/5/2010 9:24:27 PM mbam-log-2010-08-05 (21-24-27).txt Scan type: Quick scan Objects scanned: 146012 Time elapsed: 12 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: --------------------- DDS (Ver_10-03-17.01) - NTFSx86 Run by Michael at 19:06:04.78 on Thu 08/05/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1230 [GMT -4:00] AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe C:\Program Files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Michael Fredericks\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Internet Explorer Plugin: {7922062a-bfdc-4708-9211-f91aab7d60c7} - pavwx.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5104.1546\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe mRun: [HipServ Agent] c:\program files\netgear\stora desktop applications\hipservagent\HipServAgent.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-131 reva\wirelesscm.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://gateway01.gfigroup.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-3 28552] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-4 214664] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-8-4 13400] R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-4 204632] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-2-7 11776] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2007-11-4 10951] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-8-4 69720] R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-6-17 181584] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248] R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-5-20 20480] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-5-20 572544] S2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-6-17 2730120] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S2 WLSVC;WLSVC;c:\program files\d-link\dwa-131 reva\WLSVC.exe [2010-5-20 167936] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-4 79816] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-4 35272] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-4 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-4 40552] S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?] S4 ROVA_Srvc;ROVA Service;c:\program files\rova update\rovasrvc.exe [2007-10-9 83536] =============== Created Last 30 ================ 2010-08-05 23:04:47 0 ----a-w- c:\documents and settings\michael fredericks\defogger_reenable 2010-08-05 00:52:05 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-08-05 00:52:04 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-08-05 00:44:14 0 d-----w- c:\docume~1\michae~1\applic~1\Sunbelt 2010-08-05 00:41:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt 2010-08-05 00:38:42 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-08-05 00:38:39 0 d-----w- c:\program files\Sunbelt Software 2010-08-03 10:43:58 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-08-03 01:48:11 37458 ----a-w- c:\windows\system32\vtpkt 2010-08-03 01:47:59 98304 ----a-w- c:\windows\system32\klgd.bmp 2010-07-16 12:30:50 103784 ----a-w- c:\documents and settings\michael fredericks\GoToAssistDownloadHelper.exe 2010-07-14 01:04:14 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-13 13:04:09 212240 ----a-w- c:\windows\system32\Richtx32.ocx 2010-07-13 13:04:09 150016 ----a-w- c:\windows\system32\Unzip32.dll 2010-07-13 13:04:09 124688 ----a-w- c:\windows\system32\mswinsck.ocx 2010-07-13 13:04:08 0 d-----w- c:\program files\Bluetack ==================== Find3M ==================== 2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-29 00:20:19 3258 ----a-w- c:\docume~1\michae~1\applic~1\wklnhst.dat 2010-06-26 04:18:03 95640 ----a-w- c:\docume~1\michae~1\applic~1\GDIPFONTCACHEV1.DAT 2010-06-17 16:22:06 27984 ----a-w- c:\windows\system32\sbbd.exe 2010-05-24 23:02:49 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2009-05-29 02:02:06 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02:14 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 19:06:59.79 =============== Attach.zip
  5. All clean! Thank you so very much for all of your help! It is much appreciated!
  6. Installing SP3 now, scan found three infections: C:\Documents and Settings\Michael Fredericks\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{582A7C04-FCAC-41AF-ABE8-E7629350AFE4} Win32/Qhost trojan cleaned by deleting - quarantined C:\WINDOWS\maxdriver\intelppm.sys Win32/Olmarik.ZC trojan cleaned - quarantined C:\WINDOWS\system32\drivers\intelppm.vir Win32/Olmarik.ZC trojan cleaned - quarantined
  7. MBAM comes up clean DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Michael Fredericks at 0:49:45.28 on Sat 05/29/2010 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1363 [GMT -4:00] AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\Ati2evxx.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe C:\Program Files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Michael Fredericks\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5104.1546\swg.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe mRun: [HipServ Agent] c:\program files\netgear\stora desktop applications\hipservagent\HipServAgent.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [sunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-131 reva\wirelesscm.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\michael fredericks\application data\neulion\adaptiveplugin\npadaptiveplugin_1_6_5_7131.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-25 28552] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-4 214664] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-2-7 11776] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-4 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-4 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-4 144704] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2007-11-4 10951] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-5-20 20480] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-1 38224] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-4 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-4 40552] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-5-20 572544] S2 WLSVC;WLSVC;c:\program files\d-link\dwa-131 reva\WLSVC.exe [2010-5-20 167936] S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-5-24 15944] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-4 34248] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] S4 ROVA_Srvc;ROVA Service;c:\program files\rova update\rovasrvc.exe [2007-10-9 83536] =============== Created Last 30 ================ 2010-05-28 11:20:09 36352 ----a-w- c:\windows\system32\drivers\OLD1B.tmp 2010-05-28 11:20:03 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys 2010-05-28 10:57:34 167 ----a-w- c:\windows\copy.con 2010-05-27 19:40:13 220024 ----a-w- c:\windows\sigcheck.exe 2010-05-27 19:32:20 0 d-----w- c:\windows\maxdriver 2010-05-26 23:23:24 50176 ----a-w- c:\windows\system32\proquota.exe 2010-05-26 23:05:40 98816 ----a-w- c:\windows\sed.exe 2010-05-26 23:05:40 77312 ----a-w- c:\windows\MBR.exe 2010-05-26 23:05:40 256512 ----a-w- c:\windows\PEV.exe 2010-05-26 23:05:40 161792 ----a-w- c:\windows\SWREG.exe 2010-05-26 23:04:08 0 d--h--w- c:\windows\PIF 2010-05-25 23:44:06 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-05-25 23:38:51 0 d-----w- c:\program files\Panda Security 2010-05-24 23:32:40 0 d-----w- c:\program files\Trend Micro 2010-05-24 23:02:49 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-24 22:55:31 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-05-24 22:55:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2010-05-24 22:55:00 0 d-----w- c:\program files\Hitman Pro 3.5 2010-05-24 11:43:02 0 d-sha-r- C:\cmdcons 2010-05-22 04:48:51 0 d-----w- c:\program files\iPod 2010-05-22 04:48:43 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-05-22 04:40:26 0 d-----w- c:\program files\Bonjour 2010-05-22 04:08:57 0 d-----w- c:\program files\Network Stumbler 2010-05-20 22:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\D-Link 2010-05-20 22:42:28 572544 ----a-w- c:\windows\system32\drivers\RTL8192su.sys 2010-05-20 22:42:28 0 d-----w- c:\windows\pcidevice 2010-05-20 22:42:20 20480 ----a-w- c:\windows\system32\wlndis50.sys 2010-05-20 22:42:20 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys 2010-05-20 22:42:20 1593 ----a-w- c:\windows\system32\wlndis50.inf 2010-05-20 22:42:20 10667 ----a-w- c:\windows\system32\wlndis50.cat 2010-05-20 22:42:20 0 d-----w- c:\program files\D-Link ==================== Find3M ==================== 2010-05-22 02:06:14 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 18:52:30 2792 ----a-w- c:\docume~1\michae~1\applic~1\wklnhst.dat 2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 08:02:04 417792 ------w- c:\windows\system32\dllcache\vbscript.dll 2010-03-10 04:57:43 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll 2010-03-10 04:57:36 1024000 ------w- c:\windows\system32\dllcache\browseui.dll 2009-05-29 02:02:06 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02:14 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 0:49:58.33 =============== Attach.txt
  8. Ok will do as soon as I get home.
  9. SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 06:15 on 28/05/2010 by Michael Fredericks (Administrator - Elevation successful) ========== filefind ========== Searching for "intelppm.sys" C:\i386\intelppm.sys --a--- 36096 bytes [16:22 01/07/2006] [10:00 04/08/2004] 279FB78702454DFF2BB445F238C048D2 C:\WINDOWS\maxdriver\intelppm.sys --a--- 36096 bytes [03:59 04/08/2004] [10:00 04/08/2004] D39E43CFA1DAB81C618415654DC5D39E C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a--- 36352 bytes [16:28 05/09/2008] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B C:\WINDOWS\system32\drivers\intelppm.sys --a--- 36096 bytes [03:59 04/08/2004] [10:00 04/08/2004] 279FB78702454DFF2BB445F238C048D2 -=End Of File=-
  10. ComboFix 10-05-27.01 - Michael Fredericks 05/27/2010 17:09:12.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1729 [GMT -4:00] Running from: c:\documents and settings\Michael Fredericks\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Michael Fredericks\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\look.bat . ((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))))) . 2010-05-27 19:40 . 2010-02-26 21:26 220024 ----a-w- c:\windows\sigcheck.exe 2010-05-27 19:32 . 2010-05-27 15:37 -------- d-----w- c:\windows\maxdriver 2010-05-26 23:23 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe 2010-05-26 23:04 . 2010-05-26 23:04 -------- d--h--w- c:\windows\PIF 2010-05-26 00:18 . 2010-05-26 00:18 1691 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\.purple\certificates\x509\tls_peers\api.screenname.aol.com 2010-05-25 23:45 . 2010-05-25 23:45 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-05-25 23:44 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-05-25 23:38 . 2010-05-25 23:38 -------- d-----w- c:\program files\Panda Security 2010-05-25 03:01 . 2010-05-25 03:01 94864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 01:15 . 2010-05-25 01:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-05-24 23:32 . 2010-05-24 23:32 -------- d-----w- c:\program files\Trend Micro 2010-05-24 23:02 . 2010-05-24 23:02 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-24 22:55 . 2010-05-27 01:31 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-05-24 22:55 . 2010-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-05-24 22:55 . 2010-05-24 22:55 -------- d-----w- c:\program files\Hitman Pro 3.5 2010-05-23 17:03 . 2010-05-23 17:03 -------- d-----w- c:\documents and settings\Michael Fredericks\Local Settings\Application Data\gicbhqiwt 2010-05-22 04:48 . 2010-05-22 04:48 -------- d-----w- c:\program files\iPod 2010-05-22 04:48 . 2010-05-22 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-05-22 04:40 . 2010-05-22 04:40 -------- d-----w- c:\program files\Bonjour 2010-05-22 04:37 . 2010-05-22 04:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe 2010-05-22 04:08 . 2010-05-22 04:08 -------- d-----w- c:\program files\Network Stumbler 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\D-Link 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\windows\pcidevice 2010-05-20 22:42 . 2009-04-08 21:20 572544 ----a-w- c:\windows\system32\drivers\RTL8192su.sys 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\program files\D-Link 2010-05-20 22:42 . 2008-02-27 14:54 20480 ----a-w- c:\windows\system32\wlndis50.sys 2010-05-20 22:42 . 2008-02-27 14:54 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-27 01:30 . 2006-06-21 04:40 -------- d-----w- c:\program files\Common Files\Real 2010-05-27 01:29 . 2006-06-21 04:29 -------- d-----w- c:\program files\Dell 2010-05-27 01:28 . 2006-06-21 04:38 -------- d-----w- c:\program files\Sonic 2010-05-27 01:27 . 2006-06-21 04:39 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-05-27 01:24 . 2007-10-09 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Quintech 2010-05-27 01:21 . 2006-06-21 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-26 01:43 . 2007-08-19 22:53 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\.purple 2010-05-24 11:32 . 2009-05-05 00:28 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\uTorrent 2010-05-24 10:25 . 2007-06-09 13:25 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\Apple Computer 2010-05-23 20:55 . 2009-05-02 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 04:49 . 2008-09-10 01:39 -------- d-----w- c:\program files\iTunes 2010-05-22 04:48 . 2007-08-29 22:25 -------- d-----w- c:\program files\Common Files\Apple 2010-05-22 04:44 . 2009-06-27 12:40 -------- d-----w- c:\program files\QuickTime 2010-05-22 02:06 . 2006-06-21 04:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-12 23:15 . 2009-05-06 12:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2010-05-12 15:21 . 2009-10-02 18:54 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 19:39 . 2009-05-02 01:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-05-02 01:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 18:52 . 2007-11-17 18:59 2792 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\wklnhst.dat 2010-04-26 01:17 . 2008-12-19 03:18 256 ----a-w- c:\windows\system32\pool.bin 2010-04-26 01:02 . 2010-04-26 01:02 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\Blackberry Desktop 2010-04-21 23:23 . 2010-04-21 23:23 64505 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\NeuLion\AdaptivePlugin\uninst.exe 2010-04-21 23:23 . 2010-04-21 23:23 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\NeuLion 2010-04-14 10:55 . 2009-12-02 20:59 79488 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-03 06:49 . 2009-05-05 01:13 -------- d-----w- c:\program files\McAfee 2010-04-03 06:48 . 2009-05-05 00:28 -------- d-----w- c:\program files\uTorrent 2010-04-02 15:28 . 2010-04-02 15:28 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1 2010-04-02 15:28 . 2010-04-02 15:28 -------- d-----w- c:\program files\iTunesExport 2010-03-10 08:02 . 2004-08-11 22:00 417792 ----a-w- c:\windows\system32\vbscript.dll 2010-02-28 13:13 . 2010-02-17 00:22 367958 ----a-r- c:\documents and settings\Michael Fredericks\Application Data\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\UNINST_Uninstall_H_9ED9CE66B43A4E08B55CA91255271E02.exe 2010-02-28 13:13 . 2010-02-17 00:22 367958 ----a-r- c:\documents and settings\Michael Fredericks\Application Data\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\ARPPRODUCTICON.exe 2009-05-29 02:02 . 2006-07-02 08:25 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02 . 2006-07-02 08:25 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2010-05-26_23.23.42 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-11 22:00 . 2010-05-27 21:09 71936 c:\windows\system32\perfc009.dat + 2006-06-27 23:29 . 2010-05-27 19:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-06-27 23:29 . 2010-05-26 20:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-06-27 23:29 . 2010-05-27 19:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-06-27 23:29 . 2010-05-26 20:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2010-05-27 01:31 . 2010-05-27 19:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2006-09-28 23:00 . 2006-09-28 23:00 82944 c:\windows\maxdriver\WudfRd.sys + 2006-09-28 22:55 . 2006-09-28 22:55 77568 c:\windows\maxdriver\WudfPf.sys + 2004-08-11 22:00 . 2004-08-04 10:00 12032 c:\windows\maxdriver\ws2ifsl.sys + 2005-01-28 18:44 . 2006-10-19 00:00 38528 c:\windows\maxdriver\wpdusb.sys + 2010-05-20 22:42 . 2008-02-27 14:54 20480 c:\windows\maxdriver\WLNdis50.sys + 2006-06-21 04:28 . 2006-06-14 09:00 82944 c:\windows\maxdriver\wdmaud.sys + 2004-08-11 22:00 . 2004-08-04 10:00 34560 c:\windows\maxdriver\wanarp.sys + 2009-02-03 20:23 . 2009-10-09 14:50 20152 c:\windows\maxdriver\vpnva.sys + 2004-08-11 22:00 . 2004-08-04 10:00 52352 c:\windows\maxdriver\volsnap.sys + 2004-08-11 22:00 . 2004-08-04 10:00 79744 c:\windows\maxdriver\videoprt.sys + 2004-08-11 22:37 . 2004-08-04 04:07 42240 c:\windows\maxdriver\VIAAGP.SYS + 2004-08-11 22:00 . 2004-08-04 10:00 20992 c:\windows\maxdriver\vga.sys + 2001-08-17 19:02 . 2004-08-04 10:00 58112 c:\windows\maxdriver\vdmindvd.sys + 2004-08-04 04:08 . 2004-08-04 04:08 20480 c:\windows\maxdriver\usbuhci.sys + 2006-08-27 20:25 . 2004-08-04 03:08 26496 c:\windows\maxdriver\USBSTOR.SYS + 2009-10-11 20:56 . 2004-08-04 02:58 15104 c:\windows\maxdriver\usbscan.sys + 2007-10-07 10:55 . 2004-08-04 03:01 25856 c:\windows\maxdriver\usbprint.sys + 2004-08-04 04:08 . 2004-08-04 10:00 16000 c:\windows\maxdriver\usbintel.sys + 2004-08-04 04:08 . 2004-08-04 04:08 57600 c:\windows\maxdriver\usbhub.sys + 2004-08-04 04:08 . 2005-10-25 23:39 27264 c:\windows\maxdriver\usbehci.sys + 2007-08-26 23:10 . 2004-08-04 03:08 31616 c:\windows\maxdriver\usbccgp.sys + 2001-08-17 19:03 . 2004-08-04 10:00 23936 c:\windows\maxdriver\usbcamd2.sys + 2001-08-17 19:03 . 2004-08-04 10:00 23808 c:\windows\maxdriver\usbcamd.sys + 2004-08-11 22:00 . 2004-08-04 10:00 12672 c:\windows\maxdriver\usb8023.sys + 2004-08-11 22:47 . 2001-08-17 18:52 36736 c:\windows\maxdriver\ultra.sys + 2004-08-11 22:00 . 2004-08-04 10:00 66176 c:\windows\maxdriver\udfs.sys + 2004-08-04 04:03 . 2004-08-04 10:00 12416 c:\windows\maxdriver\tunmp.sys + 2001-08-17 19:06 . 2004-08-04 10:00 21376 c:\windows\maxdriver\tsbvcap.sys + 2006-10-16 08:03 . 2006-10-16 08:03 72608 c:\windows\maxdriver\TPkd.sys + 2003-07-01 02:52 . 2003-07-01 02:52 16320 c:\windows\maxdriver\tostrans.sys + 2006-02-09 11:31 . 2006-02-09 11:31 39936 c:\windows\maxdriver\tosrfusb.sys + 2005-04-05 23:54 . 2005-04-05 23:54 50048 c:\windows\maxdriver\tosrfsnd.sys + 2005-01-06 03:42 . 2005-01-06 03:42 18612 c:\windows\maxdriver\tosrfnds.sys + 2002-02-07 06:24 . 2002-02-07 06:24 25420 c:\windows\maxdriver\tosrflan.sys + 2006-01-11 07:29 . 2006-01-11 07:29 62848 c:\windows\maxdriver\tosrfhid.sys + 2005-08-01 06:45 . 2005-08-01 06:45 64896 c:\windows\maxdriver\tosrfcom.sys + 2005-09-15 08:06 . 2005-09-15 08:06 36480 c:\windows\maxdriver\tosrfbnp.sys + 2005-11-21 23:47 . 2005-11-21 23:47 47104 c:\windows\maxdriver\tosporte.sys + 2001-08-17 19:01 . 2004-08-04 10:00 51712 c:\windows\maxdriver\tosdvd.sys + 2004-08-30 06:27 . 2004-08-30 06:27 48640 c:\windows\maxdriver\tosdbt.sys + 2003-04-07 11:52 . 2003-04-07 11:52 21120 c:\windows\maxdriver\tosbtsd2.sys + 2004-08-11 22:11 . 2004-08-04 06:01 40840 c:\windows\maxdriver\termdd.sys + 2004-08-11 22:11 . 2004-08-04 10:00 21896 c:\windows\maxdriver\tdtcp.sys + 2004-08-11 22:11 . 2004-08-04 10:00 12040 c:\windows\maxdriver\tdpipe.sys + 2004-08-11 22:00 . 2004-08-04 10:00 18560 c:\windows\maxdriver\tdi.sys + 2004-08-11 22:00 . 2004-08-04 10:00 14976 c:\windows\maxdriver\tape.sys + 2006-06-21 04:28 . 2004-08-04 04:15 60800 c:\windows\maxdriver\sysaudio.sys + 2004-08-11 22:42 . 2001-08-17 19:07 32640 c:\windows\maxdriver\symc8xx.sys + 2004-08-11 22:43 . 2001-08-17 19:07 16256 c:\windows\maxdriver\symc810.sys + 2004-08-11 22:43 . 2001-08-17 19:07 30688 c:\windows\maxdriver\sym_u3.sys + 2004-08-11 22:41 . 2001-08-17 19:07 28384 c:\windows\maxdriver\sym_hi.sys + 2006-06-21 04:28 . 2001-08-17 19:00 54272 c:\windows\maxdriver\swmidi.sys + 2004-08-04 04:08 . 2004-08-04 03:08 48640 c:\windows\maxdriver\stream.sys + 2006-06-21 04:41 . 2004-07-14 16:28 23545 c:\windows\maxdriver\ssrtln.sys + 2004-08-11 22:12 . 2004-08-04 10:00 73472 c:\windows\maxdriver\sr.sys + 2004-08-11 22:38 . 2001-08-17 19:07 19072 c:\windows\maxdriver\sparrow.sys + 2004-08-04 04:09 . 2004-08-04 10:00 25472 c:\windows\maxdriver\sonydcam.sys + 2004-08-11 22:00 . 2004-08-04 10:00 14592 c:\windows\maxdriver\smclib.sys + 2004-08-11 22:36 . 2004-08-04 04:07 41088 c:\windows\maxdriver\SISAGP.SYS + 2004-08-04 03:59 . 2004-08-04 10:00 11392 c:\windows\maxdriver\sfloppy.sys + 2004-08-04 03:59 . 2004-08-04 10:00 10240 c:\windows\maxdriver\sffp_sd.sys + 2004-08-04 03:59 . 2004-08-04 10:00 11136 c:\windows\maxdriver\sffdisk.sys + 2004-08-04 04:15 . 2004-08-04 10:00 64896 c:\windows\maxdriver\serial.sys + 2004-08-04 03:59 . 2004-08-04 10:00 15488 c:\windows\maxdriver\serenum.sys + 2004-08-11 22:00 . 2007-11-13 10:25 20480 c:\windows\maxdriver\secdrv.sys + 2004-08-04 04:07 . 2004-08-04 10:00 67584 c:\windows\maxdriver\sdbus.sys + 2004-08-04 03:59 . 2004-08-04 10:00 96256 c:\windows\maxdriver\scsiport.sys + 2005-12-28 18:22 . 2005-12-28 18:22 13568 c:\windows\maxdriver\s24trans.sys + 2004-08-11 22:00 . 2004-08-04 10:00 30080 c:\windows\maxdriver\rndismp.sys + 2001-08-17 18:24 . 2004-08-04 10:00 12032 c:\windows\maxdriver\riodrv.sys + 2001-08-17 18:24 . 2004-08-04 10:00 12032 c:\windows\maxdriver\rio8drv.sys + 2008-05-20 23:33 . 2008-05-20 23:33 22784 c:\windows\maxdriver\RimUsb.sys + 2006-06-21 04:04 . 2005-10-14 13:40 51328 c:\windows\maxdriver\rimsptsk.sys + 2008-12-19 02:18 . 2007-01-18 14:24 26496 c:\windows\maxdriver\RimSerial.sys + 2006-06-21 04:04 . 2005-10-14 13:40 28544 c:\windows\maxdriver\rimmptsk.sys + 2004-08-11 22:09 . 2004-08-04 03:59 57472 c:\windows\maxdriver\redbook.sys + 2004-08-11 22:00 . 2004-08-04 10:00 34432 c:\windows\maxdriver\rawwan.sys + 2004-08-11 22:00 . 2004-08-04 10:00 16512 c:\windows\maxdriver\raspti.sys + 2004-08-11 22:00 . 2004-08-04 10:00 48384 c:\windows\maxdriver\raspptp.sys + 2004-08-11 22:00 . 2004-08-04 10:00 41472 c:\windows\maxdriver\raspppoe.sys + 2004-08-11 22:00 . 2004-08-04 10:00 51328 c:\windows\maxdriver\rasl2tp.sys + 2004-08-11 22:44 . 2001-08-17 18:52 49024 c:\windows\maxdriver\ql1280.sys + 2004-08-11 22:44 . 2001-08-17 18:52 40448 c:\windows\maxdriver\ql1240.sys + 2004-08-11 22:44 . 2001-08-17 18:52 45312 c:\windows\maxdriver\ql12160.sys + 2004-08-11 22:43 . 2001-08-17 18:52 33152 c:\windows\maxdriver\ql10wnt.sys + 2004-08-11 22:43 . 2001-08-17 18:52 40320 c:\windows\maxdriver\ql1080.sys + 2005-04-25 07:03 . 2005-04-25 07:03 20640 c:\windows\maxdriver\pxhelp20.sys + 2004-08-11 22:00 . 2004-08-04 10:00 17792 c:\windows\maxdriver\ptilink.sys + 2004-08-11 22:00 . 2004-08-04 10:00 69120 c:\windows\maxdriver\psched.sys + 2004-08-04 03:59 . 2004-08-04 10:00 35328 c:\windows\maxdriver\processr.sys + 2004-08-11 22:41 . 2001-08-17 19:07 27296 c:\windows\maxdriver\perc2.sys + 2004-08-04 03:59 . 2004-08-04 03:59 25088 c:\windows\maxdriver\pciidex.sys + 2004-08-04 04:07 . 2004-08-04 04:07 68224 c:\windows\maxdriver\pci.sys + 2010-05-25 23:44 . 2009-06-30 13:37 28552 c:\windows\maxdriver\pavboot.sys + 2004-08-11 22:00 . 2004-08-04 10:00 18688 c:\windows\maxdriver\partmgr.sys + 2004-08-04 03:59 . 2004-08-04 10:00 80128 c:\windows\maxdriver\parport.sys + 2004-08-04 03:59 . 2004-08-04 10:00 42496 c:\windows\maxdriver\p3.sys + 2006-06-21 04:38 . 2004-02-13 14:46 17153 c:\windows\maxdriver\omci.sys + 2006-06-21 04:13 . 2004-08-04 04:10 61056 c:\windows\maxdriver\ohci1394.sys + 2004-08-11 22:00 . 2004-08-04 10:00 55936 c:\windows\maxdriver\nwlnkspx.sys + 2004-08-11 22:00 . 2004-08-04 10:00 63232 c:\windows\maxdriver\nwlnknb.sys + 2004-08-11 22:00 . 2004-08-04 10:00 88448 c:\windows\maxdriver\nwlnkipx.sys + 2004-08-11 22:00 . 2004-08-04 10:00 32512 c:\windows\maxdriver\nwlnkfwd.sys + 2004-08-11 22:00 . 2004-08-04 10:00 12416 c:\windows\maxdriver\nwlnkflt.sys + 2004-08-11 22:00 . 2004-08-04 10:00 30848 c:\windows\maxdriver\npfs.sys + 2004-08-11 22:00 . 2004-08-04 10:00 40320 c:\windows\maxdriver\nmnt.sys + 2001-08-17 18:24 . 2004-08-04 10:00 12032 c:\windows\maxdriver\nikedrv.sys + 2004-08-04 03:58 . 2004-08-04 10:00 61824 c:\windows\maxdriver\nic1394.sys + 2004-08-11 22:00 . 2004-08-04 10:00 34560 c:\windows\maxdriver\netbios.sys + 2004-08-11 22:00 . 2004-08-04 10:00 38016 c:\windows\maxdriver\ndproxy.sys + 2004-08-11 22:00 . 2004-08-04 10:00 91776 c:\windows\maxdriver\ndiswan.sys + 2004-08-04 04:03 . 2004-08-04 10:00 12928 c:\windows\maxdriver\ndisuio.sys + 2004-08-04 04:07 . 2004-08-04 04:07 15488 c:\windows\maxdriver\mssmbios.sys + 2004-08-11 22:00 . 2004-08-04 10:00 35072 c:\windows\maxdriver\msgpc.sys + 2004-08-11 22:00 . 2004-08-04 10:00 19072 c:\windows\maxdriver\msfs.sys + 2004-08-11 22:41 . 2001-08-17 18:52 17280 c:\windows\maxdriver\mraid35x.sys + 2004-08-11 22:00 . 2009-06-22 11:48 91776 c:\windows\maxdriver\mqac.sys + 2004-08-11 22:00 . 2004-08-04 10:00 42240 c:\windows\maxdriver\mountmgr.sys + 2006-06-29 02:07 . 2001-08-17 17:48 12160 c:\windows\maxdriver\mouhid.sys + 2004-08-04 03:58 . 2004-08-04 03:58 23040 c:\windows\maxdriver\mouclass.sys + 2004-08-04 04:08 . 2004-08-04 10:00 30080 c:\windows\maxdriver\modem.sys + 2009-05-05 01:15 . 2009-09-16 14:22 40552 c:\windows\maxdriver\mfesmfk.sys + 2009-05-05 00:57 . 2009-09-16 14:22 34248 c:\windows\maxdriver\mferkdk.sys + 2009-05-05 01:15 . 2009-09-16 14:22 35272 c:\windows\maxdriver\mfebopk.sys + 2009-05-05 01:15 . 2009-09-16 14:22 79816 c:\windows\maxdriver\mfeavfk.sys + 2004-08-04 04:07 . 2004-08-04 10:00 63744 c:\windows\maxdriver\mf.sys + 2006-06-21 04:04 . 2004-03-17 01:04 13059 c:\windows\maxdriver\mdmxsdk.sys + 2009-05-02 01:54 . 2010-04-29 19:39 38224 c:\windows\maxdriver\mbamswissarmy.sys + 2009-05-02 01:54 . 2010-04-29 19:39 20952 c:\windows\maxdriver\mbam.sys + 2004-08-11 22:00 . 2009-06-22 11:35 92544 c:\windows\maxdriver\ksecdd.sys + 2004-08-04 03:58 . 2004-08-04 03:58 24576 c:\windows\maxdriver\kbdclass.sys + 2001-08-17 18:58 . 2001-08-17 18:58 35840 c:\windows\maxdriver\isapnp.sys + 2004-08-11 22:07 . 2004-08-04 10:00 11264 c:\windows\maxdriver\irenum.sys + 2004-08-11 22:00 . 2004-08-04 10:00 74752 c:\windows\maxdriver\ipsec.sys + 2004-08-11 22:00 . 2004-08-04 10:00 20992 c:\windows\maxdriver\ipinip.sys + 2004-08-11 22:00 . 2004-08-04 10:00 32896 c:\windows\maxdriver\ipfltdrv.sys + 2004-08-11 22:00 . 2004-08-04 10:00 29056 c:\windows\maxdriver\ip6fw.sys + 2004-08-04 03:59 . 2004-08-04 10:00 36096 c:\windows\maxdriver\intelppm.sys + 2004-08-11 22:46 . 2001-08-17 18:52 16000 c:\windows\maxdriver\ini910u.sys + 2004-08-04 04:00 . 2004-08-04 10:00 41856 c:\windows\maxdriver\imapi.sys + 2007-11-21 22:31 . 2007-11-21 22:31 11304 c:\windows\maxdriver\imagedrv.sys + 2006-10-16 08:02 . 2006-10-16 08:02 27328 c:\windows\maxdriver\iLokDrvr.sys + 2004-08-04 04:14 . 2004-08-04 10:00 52736 c:\windows\maxdriver\i8042prt.sys + 2004-08-11 22:44 . 2004-08-04 04:00 18560 c:\windows\maxdriver\i2omp.sys + 2007-10-07 10:59 . 2007-03-08 04:20 21568 c:\windows\maxdriver\HPZius12.sys + 2007-10-07 11:03 . 2007-03-08 04:20 16496 c:\windows\maxdriver\HPZipr12.sys + 2007-10-07 11:03 . 2007-03-08 04:20 49920 c:\windows\maxdriver\HPZid412.sys + 2004-08-11 22:42 . 2001-08-17 19:07 25952 c:\windows\maxdriver\hpn.sys + 2010-05-24 22:55 . 2010-05-27 01:31 15944 c:\windows\maxdriver\hitmanpro35.sys + 2004-08-04 04:08 . 2004-08-04 10:00 24960 c:\windows\maxdriver\hidparse.sys + 2004-08-04 04:08 . 2004-08-04 10:00 36224 c:\windows\maxdriver\hidclass.sys + 2010-03-20 14:48 . 2009-05-18 18:17 26600 c:\windows\maxdriver\GEARAspiWDM.sys + 2001-08-17 18:57 . 2004-08-04 10:00 12160 c:\windows\maxdriver\fsvga.sys + 2004-08-04 03:59 . 2004-08-04 10:00 20480 c:\windows\maxdriver\flpydisk.sys + 2004-08-11 22:00 . 2004-08-04 10:00 34944 c:\windows\maxdriver\fips.sys + 2004-08-04 03:59 . 2004-08-04 10:00 27392 c:\windows\maxdriver\fdc.sys + 2006-07-01 16:43 . 2004-10-26 00:02 21664 c:\windows\maxdriver\Entech.sys + 2004-08-04 04:00 . 2004-08-04 10:00 71040 c:\windows\maxdriver\dxg.sys + 2004-08-11 22:00 . 2004-08-04 10:00 10496 c:\windows\maxdriver\dxapi.sys + 2006-09-25 21:47 . 2006-09-25 21:47 23552 c:\windows\maxdriver\dsNcAdpt.sys + 2006-06-21 04:41 . 2004-11-23 07:56 40480 c:\windows\maxdriver\drvnddm.sys + 2006-06-21 04:41 . 2004-12-01 08:22 87488 c:\windows\maxdriver\drvmcdb.sys + 2006-06-21 04:27 . 2004-08-04 03:08 60288 c:\windows\maxdriver\drmk.sys + 2004-08-11 22:40 . 2001-08-17 19:07 20192 c:\windows\maxdriver\dpti2o.sys + 2006-06-21 04:28 . 2004-08-04 04:07 52864 c:\windows\maxdriver\DMusic.sys + 2004-08-11 22:00 . 2004-08-04 10:00 14208 c:\windows\maxdriver\diskdump.sys + 2004-08-04 03:59 . 2004-08-04 10:00 36352 c:\windows\maxdriver\disk.sys + 2010-02-07 04:14 . 2006-12-09 03:50 11776 c:\windows\maxdriver\diginet.sys + 2010-02-07 04:14 . 2006-12-09 03:50 17408 c:\windows\maxdriver\dgfwboot.sys + 2004-08-11 22:46 . 2001-08-17 18:52 14720 c:\windows\maxdriver\dac960nt.sys + 2004-08-04 03:59 . 2004-08-04 10:00 36480 c:\windows\maxdriver\crusoe.sys + 2001-08-17 18:24 . 2004-08-04 10:00 11776 c:\windows\maxdriver\cpqdap01.sys + 2004-08-11 22:41 . 2001-08-17 18:52 14976 c:\windows\maxdriver\cpqarray.sys + 2006-06-21 04:12 . 2004-08-04 04:07 14080 c:\windows\maxdriver\CmBatt.sys + 2004-08-11 22:00 . 2004-08-04 10:00 49664 c:\windows\maxdriver\classpnp.sys + 2004-08-04 03:59 . 2004-08-04 10:00 49536 c:\windows\maxdriver\cdrom.sys + 2004-08-11 22:00 . 2004-08-04 10:00 63744 c:\windows\maxdriver\cdfs.sys + 2001-08-17 18:52 . 2004-08-04 10:00 18688 c:\windows\maxdriver\cdaudio.sys + 2001-08-17 18:52 . 2001-08-17 18:52 13952 c:\windows\maxdriver\cbidf2k.sys + 2004-08-11 22:00 . 2004-08-04 10:00 71552 c:\windows\maxdriver\bridge.sys + 2006-06-21 04:04 . 2005-08-05 14:32 45312 c:\windows\maxdriver\bcm4sbxp.sys + 2006-06-21 04:12 . 2001-08-17 18:57 14080 c:\windows\maxdriver\battc.sys + 2004-08-11 22:00 . 2004-08-04 10:00 55936 c:\windows\maxdriver\atmlane.sys + 2004-08-11 22:00 . 2004-08-04 10:00 31360 c:\windows\maxdriver\atmepvc.sys + 2004-08-11 22:00 . 2004-08-04 10:00 59904 c:\windows\maxdriver\atmarpc.sys + 2004-08-04 03:59 . 2004-08-04 03:59 95360 c:\windows\maxdriver\atapi.sys + 2004-08-11 22:00 . 2004-08-04 10:00 14336 c:\windows\maxdriver\asyncmac.sys + 2004-08-11 22:46 . 2001-08-17 18:51 14848 c:\windows\maxdriver\asc3550.sys + 2004-08-11 22:46 . 2001-08-17 18:52 22400 c:\windows\maxdriver\asc3350p.sys + 2004-08-11 22:46 . 2001-08-17 18:52 26496 c:\windows\maxdriver\asc.sys + 2004-08-04 03:58 . 2004-08-04 10:00 60800 c:\windows\maxdriver\arp1394.sys + 2006-06-21 04:29 . 2005-08-12 22:50 16128 c:\windows\maxdriver\APPDRV.SYS + 2004-08-11 22:46 . 2001-08-17 18:52 12032 c:\windows\maxdriver\amsint.sys + 2004-08-04 03:59 . 2004-08-04 10:00 37376 c:\windows\maxdriver\amdk7.sys + 2004-08-04 03:59 . 2004-08-04 10:00 36992 c:\windows\maxdriver\amdk6.sys + 2004-08-11 22:29 . 2004-08-04 04:07 43008 c:\windows\maxdriver\AMDAGP.SYS + 2004-08-11 22:29 . 2004-08-04 04:07 42752 c:\windows\maxdriver\ALIM1541.SYS + 2004-08-11 22:39 . 2001-08-17 19:07 56960 c:\windows\maxdriver\aic78xx.sys + 2004-08-11 22:39 . 2001-08-17 19:07 55168 c:\windows\maxdriver\aic78u2.sys + 2004-08-11 22:38 . 2001-08-17 18:52 12800 c:\windows\maxdriver\aha154x.sys + 2004-08-11 22:35 . 2004-08-04 04:07 44928 c:\windows\maxdriver\AGPCPQ.SYS + 2004-08-11 22:08 . 2004-08-04 04:07 42368 c:\windows\maxdriver\AGP440.SYS + 2006-06-21 04:26 . 2010-05-22 02:06 21361 c:\windows\maxdriver\AegisP.sys + 2001-08-17 18:57 . 2004-08-04 10:00 11648 c:\windows\maxdriver\acpiec.sys + 2004-08-11 22:46 . 2001-08-17 18:52 23552 c:\windows\maxdriver\ABP480N5.SYS + 2006-06-21 04:13 . 2004-08-04 04:10 53248 c:\windows\maxdriver\1394bus.sys + 2004-08-11 22:00 . 2004-08-04 10:00 4352 c:\windows\maxdriver\wmilib.sys + 2004-08-11 22:50 . 2004-08-04 03:59 5376 c:\windows\maxdriver\viaide.sys + 2001-08-17 19:03 . 2004-08-04 10:00 4736 c:\windows\maxdriver\usbd.sys + 2004-05-17 05:18 . 2004-05-17 05:18 8573 c:\windows\maxdriver\tosrfec.sys + 2004-08-11 22:50 . 2001-08-17 18:51 4992 c:\windows\maxdriver\toside.sys + 2005-07-11 08:58 . 2005-07-11 08:58 3712 c:\windows\maxdriver\toshidpt.sys + 2004-08-04 03:58 . 2004-08-04 03:58 4352 c:\windows\maxdriver\swenum.sys + 2006-06-21 04:41 . 2004-07-14 16:29 5627 c:\windows\maxdriver\sscdbhk5.sys + 2006-06-21 04:28 . 2006-06-14 08:47 6400 c:\windows\maxdriver\splitter.sys + 2004-08-11 22:00 . 2004-08-04 10:00 5888 c:\windows\maxdriver\rootmdm.sys + 2004-08-11 22:00 . 2004-08-04 10:00 4224 c:\windows\maxdriver\rdpcdd.sys + 2004-08-11 22:00 . 2004-08-04 10:00 8832 c:\windows\maxdriver\rasacd.sys + 2004-08-11 22:42 . 2001-08-17 19:07 5504 c:\windows\maxdriver\perc2hib.sys + 2001-08-17 18:51 . 2001-08-17 18:51 3328 c:\windows\maxdriver\pciide.sys + 2006-07-01 16:43 . 2001-11-19 22:05 3972 c:\windows\maxdriver\PciBus.sys + 2004-08-11 22:00 . 2004-08-04 10:00 6784 c:\windows\maxdriver\parvdm.sys + 2001-08-17 18:57 . 2004-08-04 10:00 3456 c:\windows\maxdriver\oprghdlr.sys + 2004-08-11 22:00 . 2004-08-04 10:00 2944 c:\windows\maxdriver\null.sys + 2004-08-11 22:00 . 2004-08-04 10:00 9600 c:\windows\maxdriver\ndistapi.sys + 2006-06-21 04:28 . 2004-08-04 03:58 4992 c:\windows\maxdriver\MSPQM.sys + 2006-06-21 04:28 . 2004-08-04 03:58 5376 c:\windows\maxdriver\MSPCLOCK.sys + 2006-06-21 04:28 . 2004-08-04 03:58 7552 c:\windows\maxdriver\MSKSSRV.sys + 2004-08-11 22:00 . 2004-08-04 10:00 4224 c:\windows\maxdriver\mnmdd.sys + 2004-08-11 22:00 . 2004-08-04 10:00 7680 c:\windows\maxdriver\mcd.sys + 2004-08-11 22:08 . 2004-08-04 03:59 5504 c:\windows\maxdriver\intelide.sys + 2004-08-11 22:44 . 2004-08-04 04:00 8192 c:\windows\maxdriver\i2omgmt.sys + 2007-08-26 23:10 . 2001-08-17 18:02 9600 c:\windows\maxdriver\hidusb.sys + 2004-08-11 22:00 . 2004-08-04 10:00 7936 c:\windows\maxdriver\fs_rec.sys + 2006-06-21 04:13 . 2001-08-17 18:46 6400 c:\windows\maxdriver\enum1394.sys + 2004-08-11 22:00 . 2004-08-04 10:00 3328 c:\windows\maxdriver\dxgthk.sys + 2006-06-21 04:28 . 2004-08-04 04:07 2944 c:\windows\maxdriver\drmkaud.sys + 2004-08-11 22:00 . 2004-08-04 10:00 5888 c:\windows\maxdriver\dmload.sys + 2007-01-18 20:28 . 2007-01-18 20:28 5275 c:\windows\maxdriver\CVirtA.sys + 2006-06-21 04:12 . 2001-08-17 18:58 9344 c:\windows\maxdriver\compbatt.sys + 2004-08-11 22:48 . 2001-08-17 18:51 6656 c:\windows\maxdriver\cmdide.sys + 2004-08-11 22:45 . 2001-08-17 18:52 7680 c:\windows\maxdriver\cd20xrnt.sys + 2004-08-11 22:00 . 2004-08-04 10:00 4224 c:\windows\maxdriver\beep.sys + 2004-08-11 22:09 . 2001-08-17 18:59 3072 c:\windows\maxdriver\audstub.sys + 2004-08-11 22:48 . 2001-08-17 18:51 5248 c:\windows\maxdriver\aliide.sys + 2004-08-11 22:00 . 2010-05-27 21:09 442796 c:\windows\system32\perfh009.dat + 2004-08-04 04:08 . 2005-10-25 23:39 143104 c:\windows\maxdriver\usbport.sys + 2004-08-11 22:00 . 2007-04-23 10:32 364160 c:\windows\maxdriver\update.sys + 2002-08-01 11:53 . 2002-08-01 11:53 160672 c:\windows\maxdriver\tosrfpcc.sys + 2006-01-20 07:08 . 2006-01-20 07:08 108928 c:\windows\maxdriver\tosrfbd.sys + 2004-08-11 22:00 . 2010-02-11 12:01 226880 c:\windows\maxdriver\tcpip6.sys + 2004-08-11 22:00 . 2008-06-20 10:45 360320 c:\windows\maxdriver\tcpip.sys + 2006-06-21 04:30 . 2005-11-29 16:36 191936 c:\windows\maxdriver\SynTP.sys + 2004-08-11 22:00 . 2009-12-31 16:14 352640 c:\windows\maxdriver\srv.sys + 2009-01-11 23:28 . 2009-01-11 23:28 717296 c:\windows\maxdriver\sptd.sys + 2010-05-20 22:42 . 2009-04-08 21:20 572544 c:\windows\maxdriver\RTL8192su.sys + 2004-08-11 22:00 . 2008-05-08 12:28 202752 c:\windows\maxdriver\rmcast.sys + 2006-06-21 04:04 . 2005-10-14 13:40 307968 c:\windows\maxdriver\rixdptsk.sys + 2004-08-11 22:11 . 2005-06-10 04:09 139528 c:\windows\maxdriver\rdpwd.sys + 2004-08-11 22:11 . 2004-08-04 04:01 196864 c:\windows\maxdriver\rdpdr.sys + 2004-08-11 22:00 . 2006-05-05 09:47 174592 c:\windows\maxdriver\rdbss.sys + 2004-03-16 16:58 . 2004-03-16 16:58 136960 c:\windows\maxdriver\portcls.sys + 2004-08-04 04:07 . 2004-08-04 10:00 119936 c:\windows\maxdriver\pcmcia.sys + 2004-08-11 22:00 . 2006-10-13 10:23 163584 c:\windows\maxdriver\nwrdr.sys + 2004-08-11 22:00 . 2007-02-09 11:10 574464 c:\windows\maxdriver\ntfs.sys + 2004-08-11 22:00 . 2004-08-04 10:00 162816 c:\windows\maxdriver\netbt.sys + 2004-08-11 22:00 . 2004-08-04 10:00 182912 c:\windows\maxdriver\ndis.sys + 2004-08-11 22:00 . 2004-08-04 10:00 107904 c:\windows\maxdriver\mup.sys + 2004-08-11 22:00 . 2010-02-24 12:31 454016 c:\windows\maxdriver\mrxsmb.sys + 2004-08-11 22:00 . 2007-12-18 09:51 179584 c:\windows\maxdriver\mrxdav.sys + 2009-05-05 01:15 . 2009-07-16 16:32 120136 c:\windows\maxdriver\Mpfp.sys + 2009-05-05 01:15 . 2009-09-16 14:22 214664 c:\windows\maxdriver\mfehidk.sys + 2010-02-07 17:04 . 2005-09-24 03:18 171520 c:\windows\maxdriver\MarvinBus.sys + 2004-08-04 04:15 . 2004-08-04 03:15 140928 c:\windows\maxdriver\ks.sys + 2006-06-21 04:28 . 2006-06-14 08:47 172416 c:\windows\maxdriver\kmixer.sys + 2004-08-11 22:00 . 2004-09-29 22:28 134912 c:\windows\maxdriver\ipnat.sys + 2007-11-21 22:31 . 2007-11-21 22:31 132904 c:\windows\maxdriver\imagesrv.sys + 2004-08-04 04:00 . 2009-10-20 14:58 263552 c:\windows\maxdriver\http.sys + 2006-06-21 04:04 . 2005-07-22 01:01 201600 c:\windows\maxdriver\HSFHWAZL.sys + 2006-06-21 04:04 . 2005-07-22 01:01 717952 c:\windows\maxdriver\HSF_CNXT.sys + 2004-08-12 22:45 . 2004-08-12 22:45 113664 c:\windows\maxdriver\Hdaudio.sys + 2004-08-12 22:45 . 2004-08-12 22:45 137728 c:\windows\maxdriver\Hdaudbus.sys + 2001-08-17 18:52 . 2001-08-17 18:52 125056 c:\windows\maxdriver\ftdisk.sys + 2004-08-11 22:12 . 2006-08-21 09:14 128896 c:\windows\maxdriver\fltmgr.sys + 2004-08-11 22:00 . 2004-08-04 10:00 143360 c:\windows\maxdriver\fastfat.sys + 2004-08-11 22:09 . 2001-08-17 17:12 117760 c:\windows\maxdriver\e100b325.sys + 2008-03-14 23:37 . 2007-01-31 17:45 127376 c:\windows\maxdriver\dne2000.sys + 2004-08-11 22:00 . 2004-08-04 10:00 153344 c:\windows\maxdriver\dmio.sys + 2004-08-11 22:00 . 2004-08-04 10:00 799744 c:\windows\maxdriver\dmboot.sys + 2004-08-11 22:46 . 2001-08-17 18:52 179584 c:\windows\maxdriver\dac2w2k.sys + 2007-10-26 18:27 . 2007-10-26 18:27 306300 c:\windows\maxdriver\CVPNDRVA.sys + 2006-06-21 04:33 . 2005-05-25 07:34 158464 c:\windows\maxdriver\ctusfsyn.sys + 2006-06-21 04:33 . 2005-01-10 08:15 138752 c:\windows\maxdriver\ctsfm2k.sys + 2006-06-21 04:33 . 2005-01-10 08:15 106496 c:\windows\maxdriver\ctoss2k.sys + 2001-08-17 19:02 . 2004-08-04 10:00 262528 c:\windows\maxdriver\cinemst2.sys + 2008-06-11 05:50 . 2008-06-13 13:10 272128 c:\windows\maxdriver\bthport.sys + 2004-08-11 22:00 . 2004-08-04 10:00 352256 c:\windows\maxdriver\atmuni.sys + 2004-08-11 22:00 . 2008-08-14 09:51 138368 c:\windows\maxdriver\afd.sys + 2006-06-21 04:28 . 2006-02-15 00:22 142464 c:\windows\maxdriver\aec.sys + 2004-08-11 22:39 . 2001-08-17 19:07 101888 c:\windows\maxdriver\adpu160m.sys + 2004-08-04 04:07 . 2004-08-04 10:00 187776 c:\windows\maxdriver\acpi.sys + 2006-06-21 04:03 . 2005-12-04 14:55 1428096 c:\windows\maxdriver\w39n51.sys + 2006-06-21 04:04 . 2005-11-16 19:36 1047816 c:\windows\maxdriver\sthda.sys + 2004-08-11 22:08 . 2004-08-04 03:29 1897408 c:\windows\maxdriver\nv4_mini.sys + 2006-06-21 04:33 . 2006-01-04 05:41 1389056 c:\windows\maxdriver\monfilt.sys + 2006-06-21 04:04 . 2005-07-22 01:02 1035008 c:\windows\maxdriver\HSF_DPV.sys + 2006-06-21 04:04 . 2006-02-16 04:39 1421312 c:\windows\maxdriver\ati2mtag.sys . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-26 615696] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808] "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440] "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752] "HipServ Agent"="c:\program files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe" [2009-09-28 2437376] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-24 5937984] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-3-14 6144] Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-131 revA\wirelesscm.exe [2010-5-20 496896] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MIDI2"=diomidi.dll "wave2"=Digi32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2006-04-06 19:58 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-02-22 17:00 49152 ----a-w- c:\dell\E-Center\GTB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2006-06-21 04:51 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-14 00:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSVC"=2 (0x2) "WLANKEEPER"=2 (0x2) "S24EventMonitor"=2 (0x2) "RegSrvc"=3 (0x3) "PEVSystemStart"=2 (0x2) "NMIndexingService"=3 (0x3) "MpfService"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "dsNcService"=2 (0x2) "DigiRefresh"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\rsync.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\ssh.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraPicturesWizard.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraSmartShortcut.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\HipServAgent\\HipServAgent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/20/2010 6:42 PM 572544] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/25/2010 7:44 PM 28552] S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2/7/2010 12:14 AM 11776] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/4/2009 9:18 PM 210216] S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [11/4/2007 11:54 AM 10951] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/9/2009 11:07 AM 493248] S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/20/2010 6:42 PM 20480] S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-131 revA\WLSVC.exe [5/20/2010 6:42 PM 167936] S4 ROVA_Srvc;ROVA Service;c:\program files\ROVA Update\rovasrvc.exe [10/9/2007 6:53 AM 83536] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 7:28 PM 717296] . Contents of the 'Scheduled Tasks' folder 2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-05 16:22] 2010-05-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-05 16:22] 2010-05-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Michael Fredericks\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-27 17:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1004) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-05-27 17:17:57 ComboFix-quarantined-files.txt 2010-05-27 21:17 ComboFix2.txt 2010-05-26 23:26 Pre-Run: 11,485,233,152 bytes free Post-Run: 11,518,754,816 bytes free - - End Of File - - 0CF6A1E59469BEE94F45585B05ACC67A
  11. Run from C:\Documents and Settings\Michael Fredericks\Desktop\maxlook.exe on Thu 05/27/2010 at 15:40:14.35--------- maxlook unsigned files --------- c:\windows\maxdriver\AegisP.sys: Verified: Unsigned File date: 10:06 PM 5/21/2010 Publisher: Cisco Systems, Inc. Description: IEEE 802.1X Protocol Driver Product: AEGIS Protocol 3.7.5.0 Version: 3.7.5.0 File version: 3.7.5.0 c:\windows\maxdriver\APPDRV.SYS: Verified: Unsigned File date: 6:50 PM 8/12/2005 Publisher: Dell Inc Description: App Support Driver Product: Application Driver Version: 1, 0, 1, 1 File version: 1, 0, 1, 1 c:\windows\maxdriver\CVPNDRVA.sys: Verified: Unsigned File date: 2:27 PM 10/26/2007 Publisher: Cisco Systems, Inc. Description: Cisco Systems VPN Client IPSec Driver Product: Cisco Systems VPN Client Version: 5.0.02.0090 File version: 5.0.02.0090 c:\windows\maxdriver\dgfwboot.sys: Verified: Unsigned File date: 11:50 PM 12/8/2006 Publisher: Digidesign, A Division of Avid Technology, Inc. Description: Mbox 2 Pro Bootloader Driver (WDM) Product: Pro Tools
  12. Thank you! Log: ComboFix 10-05-26.01 - Michael Fredericks 05/26/2010 19:17:44.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1639 [GMT -4:00] Running from: c:\documents and settings\Michael Fredericks\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\vb40032.dll c:\windows\system32\proquota.exe was missing Restored copy from - c:\i386\proquota.exe . ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 ))))))))))))))))))))))))))))))) . 2010-05-26 23:23 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe 2010-05-26 23:04 . 2010-05-26 23:04 -------- d--h--w- c:\windows\PIF 2010-05-26 00:18 . 2010-05-26 00:18 1691 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\.purple\certificates\x509\tls_peers\api.screenname.aol.com 2010-05-25 23:45 . 2010-05-25 23:45 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-05-25 23:44 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-05-25 23:38 . 2010-05-25 23:38 -------- d-----w- c:\program files\Panda Security 2010-05-25 03:01 . 2010-05-25 03:01 94864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 01:15 . 2010-05-25 01:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-05-24 23:32 . 2010-05-24 23:32 -------- d-----w- c:\program files\Trend Micro 2010-05-24 23:02 . 2010-05-24 23:02 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-05-24 22:55 . 2010-05-26 02:22 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-05-24 22:55 . 2010-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-05-24 22:55 . 2010-05-24 22:55 -------- d-----w- c:\program files\Hitman Pro 3.5 2010-05-23 17:03 . 2010-05-23 17:03 -------- d-----w- c:\documents and settings\Michael Fredericks\Local Settings\Application Data\gicbhqiwt 2010-05-22 04:48 . 2010-05-22 04:48 -------- d-----w- c:\program files\iPod 2010-05-22 04:48 . 2010-05-22 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-05-22 04:40 . 2010-05-22 04:40 -------- d-----w- c:\program files\Bonjour 2010-05-22 04:37 . 2010-05-22 04:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe 2010-05-22 04:08 . 2010-05-22 04:08 -------- d-----w- c:\program files\Network Stumbler 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\D-Link 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\windows\pcidevice 2010-05-20 22:42 . 2009-04-08 21:20 572544 ----a-w- c:\windows\system32\drivers\RTL8192su.sys 2010-05-20 22:42 . 2010-05-20 22:42 -------- d-----w- c:\program files\D-Link 2010-05-20 22:42 . 2008-02-27 14:54 20480 ----a-w- c:\windows\system32\wlndis50.sys 2010-05-20 22:42 . 2008-02-27 14:54 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-26 01:43 . 2007-08-19 22:53 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\.purple 2010-05-24 11:32 . 2009-05-05 00:28 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\uTorrent 2010-05-24 10:25 . 2007-06-09 13:25 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\Apple Computer 2010-05-23 20:55 . 2009-05-02 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 04:49 . 2008-09-10 01:39 -------- d-----w- c:\program files\iTunes 2010-05-22 04:48 . 2007-08-29 22:25 -------- d-----w- c:\program files\Common Files\Apple 2010-05-22 04:44 . 2009-06-27 12:40 -------- d-----w- c:\program files\QuickTime 2010-05-22 02:06 . 2006-06-21 04:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-20 22:42 . 2006-06-21 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-12 23:15 . 2009-05-06 12:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2010-05-12 15:21 . 2009-10-02 18:54 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 19:39 . 2009-05-02 01:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-05-02 01:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 18:52 . 2007-11-17 18:59 2792 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\wklnhst.dat 2010-04-26 01:17 . 2008-12-19 03:18 256 ----a-w- c:\windows\system32\pool.bin 2010-04-26 01:02 . 2010-04-26 01:02 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\Blackberry Desktop 2010-04-21 23:23 . 2010-04-21 23:23 64505 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\NeuLion\AdaptivePlugin\uninst.exe 2010-04-21 23:23 . 2010-04-21 23:23 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\NeuLion 2010-04-14 10:55 . 2009-12-02 20:59 79488 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-03 06:49 . 2009-05-05 01:13 -------- d-----w- c:\program files\McAfee 2010-04-03 06:48 . 2009-05-05 00:28 -------- d-----w- c:\program files\uTorrent 2010-04-02 15:28 . 2010-04-02 15:28 -------- d-----w- c:\documents and settings\Michael Fredericks\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1 2010-04-02 15:28 . 2010-04-02 15:28 -------- d-----w- c:\program files\iTunesExport 2010-04-02 15:28 . 2010-04-02 15:28 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-04-02 15:27 . 2010-04-02 15:28 38784 ----a-w- c:\documents and settings\Michael Fredericks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-03-10 08:02 . 2004-08-11 22:00 417792 ----a-w- c:\windows\system32\vbscript.dll 2010-02-28 13:13 . 2010-02-17 00:22 367958 ----a-r- c:\documents and settings\Michael Fredericks\Application Data\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\UNINST_Uninstall_H_9ED9CE66B43A4E08B55CA91255271E02.exe 2010-02-28 13:13 . 2010-02-17 00:22 367958 ----a-r- c:\documents and settings\Michael Fredericks\Application Data\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\ARPPRODUCTICON.exe 2010-02-26 06:05 . 2004-08-11 22:00 668672 ----a-w- c:\windows\system32\wininet.dll 2010-02-26 06:05 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-05-29 02:02 . 2006-07-02 08:25 88 --sh--r- c:\windows\system32\7F1AA10217.sys 2009-05-29 02:02 . 2006-07-02 08:25 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "ROVATray"="c:\program files\ROVA\rovatray.exe" [2007-02-09 143360] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-26 615696] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808] "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440] "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752] "HipServ Agent"="c:\program files\Netgear\Stora Desktop Applications\HipServAgent\HipServAgent.exe" [2009-09-28 2437376] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-24 5937984] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-3-14 6144] Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-131 revA\wirelesscm.exe [2010-5-20 496896] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MIDI2"=diomidi.dll "wave2"=Digi32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2006-04-06 19:58 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-02-22 17:00 49152 ----a-w- c:\dell\E-Center\GTB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2006-06-21 04:51 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-14 00:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSVC"=2 (0x2) "WLANKEEPER"=2 (0x2) "S24EventMonitor"=2 (0x2) "RegSrvc"=3 (0x3) "PEVSystemStart"=2 (0x2) "NMIndexingService"=3 (0x3) "MpfService"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "dsNcService"=2 (0x2) "DigiRefresh"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\rsync.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\DesktopMirror\\ssh.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraPicturesWizard.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\QuickConnect\\AxentraSmartShortcut.exe"= "c:\\Program Files\\Netgear\\Stora Desktop Applications\\HipServAgent\\HipServAgent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/20/2010 6:42 PM 572544] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/25/2010 7:44 PM 28552] S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2/7/2010 12:14 AM 11776] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/4/2009 9:18 PM 210216] S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [11/4/2007 11:54 AM 10951] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/9/2009 11:07 AM 493248] S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/20/2010 6:42 PM 20480] S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-131 revA\WLSVC.exe [5/20/2010 6:42 PM 167936] S4 ROVA_Srvc;ROVA Service;c:\program files\ROVA Update\rovasrvc.exe [10/9/2007 6:53 AM 83536] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 7:28 PM 717296] . Contents of the 'Scheduled Tasks' folder 2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-05 16:22] 2010-05-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-05 16:22] 2010-05-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\Michael Fredericks\Application Data\Mozilla\Firefox\Profiles\91ztg4f8.default\ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Michael Fredericks\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-SetDefaultMIDI - MIDIDef.exe HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe HKLM-Run-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe MSConfigStartUp-VoiceCenter - c:\program files\Creative\VoiceCenter\AndreaVC.exe MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-26 19:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1012) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-05-26 19:26:20 ComboFix-quarantined-files.txt 2010-05-26 23:26 Pre-Run: 10,262,401,024 bytes free Post-Run: 11,148,500,992 bytes free - - End Of File - - B363F3393A0D364132C5CD4ED2863D1C
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.