C0nd0r

  1. Ran Malwarebytes, Spybot S&D, Webroot essentials, Ad-Aware, HitMan Pro and Combofix. Still have redirect problem in Google. I use Firefox. Here is my last Combofix. Any help will be great.

ComboFix 10-07-29.01 - Patrick 07/30/2010 21:26:42.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1405 [GMT -5:00]
Running from: c:\documents and settings\Patrick\My Documents\Downloads\ComboFix.exe
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-30 22:00 . 2010-07-30 22:01 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\AskToolbar
2010-07-30 20:56 . 2010-07-30 20:56 -------- d-----w- c:\program files\Ask.com
2010-07-30 20:55 . 2010-07-30 20:55 -------- d-----w- c:\program files\MSSOAP
2010-07-30 20:54 . 2010-07-30 20:53 108808 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-07-30 20:54 . 2010-07-30 23:53 -------- d-----w- c:\documents and settings\Patrick\Application Data\Webroot
2010-07-30 20:54 . 2010-07-30 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-07-30 20:54 . 2010-07-30 20:54 -------- d-----w- c:\program files\Webroot
2010-07-30 20:54 . 2009-08-31 15:16 1563008 ----a-w- c:\windows\WRSetup.dll
2010-07-30 15:00 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-30 13:13 . 2010-07-30 13:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-30 13:12 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-30 13:12 . 2010-07-30 13:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-30 12:39 . 2010-07-30 12:39 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Sunbelt Software
2010-07-30 12:38 . 2010-07-30 12:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-30 12:38 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-30 05:26 . 2010-07-30 20:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-30 05:24 . 2010-07-30 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-30 05:24 . 2010-07-30 05:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-30 01:02 . 2010-07-30 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-29 23:07 . 2010-07-29 23:07 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-29 23:07 . 2010-07-29 23:07 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-29 23:07 . 2010-07-29 23:07 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-29 23:07 . 2010-07-29 23:07 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-29 02:17 . 2010-07-29 02:17 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 13:48 . 2010-07-15 13:48 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 13:48 . 2010-07-15 13:48 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 13:46 . 2010-07-15 13:46 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 13:46 . 2010-07-15 13:46 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 13:46 . 2010-07-15 13:46 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 13:46 . 2010-07-15 13:46 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-15 00:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 03:09 . 2010-07-16 03:09 452104 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 12:37 . 2008-05-06 12:36 -------- d-----w- c:\program files\Lavasoft
2010-07-30 04:36 . 2010-07-30 06:23 268800 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2010-07-30 03:27 . 2010-06-16 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-30 00:36 . 2004-09-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-30 00:06 . 2005-01-13 22:13 -------- d-----w- c:\program files\TuneUp Utilities 2004
2010-06-24 03:09 . 2010-03-30 00:24 439816 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.10\setup.exe
2010-06-16 22:29 . 2009-08-17 04:15 -------- d-----w- c:\program files\AVG
2010-06-16 21:21 . 2008-12-03 05:01 -------- d-----w- c:\documents and settings\Patrick\Application Data\Zebur
2010-06-15 17:00 . 2010-04-05 06:01 -------- d-----w- c:\documents and settings\Patrick\Application Data\Boxao
2010-06-14 14:31 . 2008-01-12 00:27 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 00:48 . 2010-06-04 00:48 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes
2010-06-04 00:48 . 2010-06-04 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 00:48 . 2010-06-04 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-03 23:00 . 2010-06-03 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Maxtor
2010-06-03 22:52 . 2010-06-03 22:52 -------- d-----w- c:\program files\Maxtor
2010-06-02 00:54 . 2010-05-30 18:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-30 20:04 . 2010-05-30 20:04 75040 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2008-01-12 00:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-01-12 00:27 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-10-27 16:37 . 2005-10-27 16:29 8986 ----a-w- c:\program files\Common Files\temp.html
.
((((((((((((((((((((((((((((( SnapShot@2010-07-30_04.01.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-08-26 15:07 . 2009-08-26 15:07 31088 c:\windows\system32\wrLZMA.dll
+ 2009-08-26 15:07 . 2009-08-26 15:07 16240 c:\windows\system32\SsiEfr.exe
+ 2010-07-30 13:12 . 2010-07-12 08:55 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2009-08-26 15:07 . 2009-08-26 15:07 23152 c:\windows\system32\drivers\sshrmd.sys
+ 2009-08-26 15:07 . 2009-08-26 15:07 29808 c:\windows\system32\drivers\ssfs0bbc.sys
+ 2008-01-10 17:35 . 2010-07-31 02:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-10 17:35 . 2008-10-14 00:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-10 17:35 . 2010-07-31 02:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-10 17:35 . 2008-10-14 00:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-30 13:13 . 2010-07-31 02:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-07-30 13:13 . 2010-07-31 02:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-30 20:56 . 2010-07-30 20:56 40960 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-07-30 20:54 . 2010-07-30 20:54 10134 c:\windows\Installer\{3F5B6210-0903-4DC6-8034-8F488AA3A782}\ARPPRODUCTICON.exe
+ 2010-07-30 20:55 . 2010-07-30 20:55 10134 c:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-08-26 15:07 . 2009-08-26 15:07 176752 c:\windows\system32\drivers\ssidrv.sys
+ 2007-03-03 03:45 . 2009-08-31 15:09 511328 c:\windows\system32\capicom.dll
+ 2010-07-30 12:37 . 2010-07-30 12:37 236032 c:\windows\Installer\1aa8a1c.msi
+ 2010-07-30 20:56 . 2010-07-30 20:56 967168 c:\windows\Installer\1681a9.msi
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2010-07-30 12:38 . 2010-07-30 12:38 1866752 c:\windows\Installer\1aa8a26.msi
+ 2010-07-30 20:55 . 2010-07-30 20:55 1473024 c:\windows\Installer\1681a3.msi
+ 2010-07-30 20:54 . 2010-07-30 20:54 2981376 c:\windows\Installer\16819d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-08-31 15:09 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-17 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-04 98304]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-08-31 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-9-26 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0\bin\jusched.exe
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"P17Helper"=Rundll32 P17.dll,P17Helper
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Freeciv-1.14.0\\civserver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/30/2010 8:12 AM 64288]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/26/2009 10:07 AM 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/30/2010 3:54 PM 108808]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [11/26/2006 2:50 PM 4832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1352832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [11/26/2006 2:50 PM 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [11/26/2006 2:50 PM 6336]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/30/2010 3:56 PM 1201640]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2/9/2010 1:22 AM 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2/9/2010 1:22 AM 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2/9/2010 1:22 AM 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2/9/2010 1:22 AM 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2/9/2010 1:22 AM 113680]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [9/15/2004 4:30 PM 96256]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1/11/2008 9:37 PM 24944]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 4:43 PM 32408]
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-08-11 00:44]

2010-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-07-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]

2010-07-31 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2006-04-18 16:09]

2008-01-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-12-18 20:45]

2010-07-30 c:\windows\Tasks\wrSpySweeper_L906B5FE7CFA54109A3B3C0AF26BBA2E4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-07-30 15:16]

2010-07-30 c:\windows\Tasks\wrSpySweeper_L906B5FE7CFA54109A3B3C0AF26BBA2E4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-07-30 15:16]

2010-07-30 c:\windows\Tasks\wrSpySweeper_LB614A2D8C0AE4ED8A55AF842ED9717A7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-07-30 15:16]

2010-07-30 c:\windows\Tasks\wrSpySweeper_LB614A2D8C0AE4ED8A55AF842ED9717A7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-07-30 15:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {B944FD4B-AC3B-4F2E-B84D-649E909FA467} - hxxp://www.mtsu.edu/~aerodept/probook2011.cab
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\3om13j5k.Default User\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\3om13j5k.Default User\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 21:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x896F8EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba13cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9e3a852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\: