
i have a nasty virus............

Post by phound » May 29th, 2009, 8:01 am

Help!!! I think I have a nasty friggin virus.

Now, the problem is that I can't access my Task Manager through Ctrl+Alt+Del. Every time I try to, I get "Task Manager has been disabled by your administrator."
I can't run regedit from the Run function. Every time I try, it also says it has been disabled by the administrator.
I can't restart in Safe Mode. Every time I try that, a blue screen pops up and says a bunch of stuff I don't remember, but along the lines of "Run CHKDSK /F blah, blah, blah." It doesn't actually say blah, blah, blah.
I can't use the system restore function.
I can't run spybot search & destroy.
I can't defrag.
The internet is running extremely slow.
When I left click items in my folder, say to delete it, my pc freezes.

I was told I should download and run Malwarebytes. That got rid of some of the problems, because now I don't have to restart my PC 10 friggin times just to log on to my account.

I've received some help from another site that had me run the mbr, ComboFix, etc. But now I'm not receiving their posts on their site, which is making this extremely difficult.

So below is the information you need. I hope I can get help with this pesky friggin problem. THANKS!!!!

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:46:21 AM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\pvmser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
C:\WINDOWS\TEMP\winvhqrt.exe
C:\WINDOWS\TEMP\ptmqu.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Al\My Documents\Al\Appz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZUman000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://pximg2.photo.epson.com/pixami/PixamiEpson.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/L ... ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2307570546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2829873062
O16 - DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} (GenimoWebGames Control) - http://games.bigfishgames.com/en_butter ... ontrol.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_myster ... uncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


This is the ComboFix log that I ran on request from the other site. I don't know if it will help, but I figured I should inform you of what I've already done in order to fix this pesky problem:

ComboFix 09-05-25.08 - Al 05/26/2009 8:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.172 [GMT -4:00]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: AT&T Internet Security Suite AT&T Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Al\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\sys_dll.dll
c:\windows\system32\uninstall.exe
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe . . . is infected!!
c:\windows\system32\proquota.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-25 01:37 . 2009-05-25 01:37 -------- d-----w c:\documents and settings\Al\Application Data\Safer Networking
2009-05-25 01:30 . 2009-05-25 01:30 -------- d-----w c:\program files\Safer Networking
2009-05-25 00:06 . 2009-05-25 00:06 -------- d-----w c:\program files\iPod
2009-05-24 05:34 . 2009-05-24 05:34 -------- d-----w c:\documents and settings\genevaw\Application Data\Malwarebytes
2009-05-24 04:20 . 2009-05-24 04:20 -------- d-----w c:\documents and settings\willie williams\Application Data\Malwarebytes
2009-05-24 03:43 . 2009-05-24 03:43 -------- d-----w c:\documents and settings\willie williams\Application Data\ImgBurn
2009-05-24 00:18 . 2009-05-25 00:08 -------- d-----w c:\program files\iTunes
2009-05-24 00:18 . 2009-05-24 00:19 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 00:17 . 2009-05-24 00:17 -------- d-----w c:\program files\Bonjour
2009-05-24 00:14 . 2009-03-26 19:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-23 11:52 . 2009-05-23 11:55 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-05-22 12:59 . 2009-05-22 13:52 -------- d-----w c:\documents and settings\Al\Application Data\GrabPro
2009-05-22 04:01 . 2009-05-22 04:06 -------- d-----w c:\documents and settings\Guest\Application Data\ATTTOOLBAR
2009-05-20 19:12 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\documents and settings\Al\Application Data\Malwarebytes
2009-05-20 04:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 04:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-14 14:41 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-14 14:41 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-14 14:41 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-14 14:41 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-14 14:41 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-14 14:41 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-14 14:41 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-14 14:41 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-14 14:41 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-14 14:38 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 14:25 . 2008-05-01 14:30 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-14 14:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-14 14:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-14 13:50 . 2009-05-14 13:50 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-13 13:30 . 2009-05-13 13:30 1948616 ----a-w c:\documents and settings\Al\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-12 20:58 . 2009-05-12 21:11 -------- d-----w c:\program files\Sony
2009-05-11 02:42 . 2009-05-11 02:43 -------- d-----w c:\program files\Any Video Converter
2009-05-10 18:25 . 2009-05-10 18:25 -------- d-----w c:\documents and settings\genevaw\Local Settings\Application Data\SupportSoft
2009-05-10 15:23 . 2009-05-10 15:23 -------- d-----w c:\documents and settings\Al\Local Settings\Application Data\SupportSoft
2009-05-10 15:05 . 2009-05-10 15:05 -------- d-----w c:\documents and settings\willie williams\Local Settings\Application Data\SupportSoft
2009-05-10 15:04 . 2009-05-10 15:04 69120 ----a-w c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\PC-Doctor
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-05-10 15:03 . 2009-05-10 15:03 -------- d-----w c:\program files\Dell Support Center
2009-05-10 15:03 . 2009-05-10 15:03 -------- d-----w c:\program files\Common Files\supportsoft
2009-05-10 15:02 . 2009-05-10 15:05 -------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-05-10 14:38 . 2009-05-10 14:38 -------- d-----w c:\program files\Raxco
2009-05-10 14:38 . 2009-05-10 14:38 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-05-10 14:37 . 2009-05-10 14:37 -------- d-----w c:\documents and settings\willie williams\Application Data\InstallShield
2009-05-10 12:15 . 2009-05-10 12:15 -------- d-----w c:\documents and settings\Al\Application Data\GamesCafe
2009-05-10 03:29 . 2009-05-10 03:29 -------- d-----w C:\4df18394ccb617c215cd055bc385
2009-05-09 21:40 . 2009-05-09 21:40 -------- d-----w c:\documents and settings\Al\Application Data\eMule
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-09 01:30 . 2006-12-20 21:40 92728 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\bass.dll
2009-05-09 01:30 . 2006-12-21 12:34 1032192 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\MysterySolitaireSIWeb.dll
2009-05-09 01:30 . 2006-12-21 12:33 2277376 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\Resources.dll
2009-05-08 17:56 . 2009-05-08 18:15 -------- d-----w c:\program files\AVS4YOU
2009-05-08 17:37 . 2009-05-08 17:37 -------- d-----w C:\videooutput
2009-05-08 17:37 . 2007-02-25 19:36 383238 ----a-w c:\windows\system32\libmp3lame-0.dll
2009-05-07 22:58 . 2009-05-20 05:21 -------- d-----w c:\windows\mssrvc
2009-05-07 06:43 . 2009-05-07 06:43 1896448 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\dplugins\2.0.1.571\DiagPlugin.dll
2009-05-07 06:39 . 2009-05-07 06:39 196866 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\MakeDesktopShortcut.EXE
2009-05-06 04:56 . 2009-05-06 04:56 -------- d-----w C:\df35485d9f58055c24fbf64d48b5b401
2009-05-06 04:05 . 2009-05-06 04:06 -------- d-----w C:\9dbb9076e3fe26083f0419b0b89a
2009-05-05 02:37 . 2009-03-30 21:13 98304 ----a-w c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
2009-05-05 02:37 . 2009-05-05 02:37 -------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2009-05-05 02:36 . 2009-05-05 02:36 -------- d-----w C:\users
2009-05-05 02:35 . 2009-05-24 22:27 -------- d-----w c:\program files\RealArcade
2009-05-03 05:16 . 2009-05-03 05:17 -------- d-----w C:\314e63814f11a82b2ae2
2009-05-03 04:57 . 2009-05-03 04:57 -------- d-----w c:\documents and settings\genevaw\IETldCache
2009-05-03 04:11 . 2009-05-03 04:44 -------- d-----w c:\documents and settings\Al\Application Data\Motive
2009-05-03 03:11 . 2009-05-03 05:35 -------- d-----w c:\documents and settings\Al\Application Data\ATTTOOLBAR
2009-05-03 03:05 . 2009-05-03 03:05 -------- d-----w c:\documents and settings\Al\IETldCache
2009-05-03 02:53 . 2009-05-03 02:53 -------- d-----w c:\documents and settings\willie williams\PrivacIE
2009-05-03 02:12 . 2009-05-03 02:12 -------- d-----w c:\documents and settings\willie williams\IETldCache
2009-05-02 23:05 . 2009-05-02 23:05 -------- d-----w c:\windows\ie8updates
2009-05-02 22:26 . 2009-05-03 05:16 -------- dc----w c:\windows\ie8
2009-05-02 19:36 . 2009-05-02 19:36 262144 ----a-w C:\ntuser.dat
2009-05-02 18:58 . 2009-05-25 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\ATTToolbar
2009-05-02 18:58 . 2009-05-02 18:58 -------- d-----w c:\program files\ATTToolbar
2009-05-02 18:58 . 2009-05-03 21:30 -------- d-----w c:\documents and settings\willie williams\Application Data\ATTToolbar
2009-05-02 17:14 . 2009-05-02 18:26 -------- d-----w c:\documents and settings\willie williams\Application Data\Motive
2009-05-02 17:06 . 2009-05-02 17:06 -------- d-----w c:\program files\ATT-HSI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 12:37 . 2006-07-19 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-26 11:27 . 2007-01-13 18:21 -------- d-----w c:\documents and settings\Al\Application Data\Vso
2009-05-25 19:12 . 2007-12-05 00:40 -------- d-----w c:\program files\Orbitdownloader
2009-05-25 11:27 . 2006-12-23 04:59 -------- d-----w c:\program files\Yahoo! Games
2009-05-25 11:26 . 2008-05-24 02:11 -------- d-----w c:\program files\Mystery Case Files Prime Suspects
2009-05-25 01:35 . 2006-07-19 16:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:55 . 2007-12-16 13:13 -------- d-----w c:\documents and settings\Al\Application Data\uTorrent
2009-05-25 00:05 . 2007-06-30 15:36 -------- d-----w c:\program files\Common Files\Apple
2009-05-24 23:46 . 2007-04-02 01:06 -------- d-----w c:\documents and settings\Al\Application Data\Orbit
2009-05-24 05:45 . 2007-04-16 23:58 -------- d-----w c:\documents and settings\genevaw\Application Data\Orbit
2009-05-24 05:32 . 2007-04-04 07:07 -------- d-----w c:\documents and settings\willie williams\Application Data\Orbit
2009-05-24 00:16 . 2008-01-14 18:00 -------- d-----w c:\program files\QuickTime
2009-05-22 13:58 . 2007-07-10 18:50 -------- d-----w c:\program files\IDA
2009-05-22 02:42 . 2006-12-24 18:48 4184 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-21 17:45 . 2007-01-01 12:41 -------- d-----w c:\program files\vso
2009-05-21 17:44 . 2007-02-11 11:50 47360 -c--a-w c:\documents and settings\Al\Application Data\pcouffin.sys
2009-05-21 17:44 . 2007-02-11 11:50 47360 -c--a-w c:\documents and settings\Al\Application Data\pcouffin.sys
2009-05-20 18:13 . 2006-08-04 05:26 413472 -c--a-w c:\documents and settings\genevaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:45 . 2006-12-17 18:31 -------- d-----w c:\documents and settings\Al\Application Data\ImgBurn
2009-05-16 11:42 . 2006-12-17 18:31 -------- d-----w c:\program files\ImgBurn
2009-05-16 11:19 . 2006-12-17 18:24 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-15 13:10 . 2007-01-16 21:53 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-05-12 19:51 . 2007-12-27 14:46 -------- d-----w c:\program files\Opera
2009-05-11 23:59 . 2007-11-04 00:55 -------- d-----w c:\program files\Common Files\Scanner
2009-05-11 19:56 . 2006-07-19 12:44 -------- d-----w c:\program files\IrfanView
2009-05-10 14:37 . 2007-11-04 01:02 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-05-10 14:35 . 2006-06-16 02:00 413472 -c--a-w c:\documents and settings\willie williams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 12:43 . 2008-02-16 15:36 -------- d-----w c:\program files\Sony Setup
2009-05-10 03:06 . 2008-05-03 22:22 -------- d-----w c:\program files\honestech One Touch DVD
2009-05-09 21:23 . 2006-09-20 19:56 -------- d-----w c:\program files\DC++
2009-05-09 01:30 . 2006-12-03 18:58 -------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2009-05-08 18:15 . 2007-07-13 01:55 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-03 09:12 . 2007-03-13 13:03 -------- d-----w c:\program files\Apple Software Update
2009-05-03 05:23 . 2006-08-03 17:39 -------- d--h--r c:\documents and settings\Al\Application Data\yahoo!
2009-05-03 02:12 . 2006-06-21 13:52 -------- d-----w c:\program files\Common Files\Motive
2009-05-02 20:38 . 2006-08-22 13:20 -------- d--h--r c:\documents and settings\Guest\Application Data\yahoo!
2009-05-02 20:27 . 2006-08-04 05:32 -------- d--h--r c:\documents and settings\genevaw\Application Data\yahoo!
2009-05-02 20:05 . 2007-04-09 22:29 698511 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\AutoMaintenance.dll
2009-05-02 19:37 . 2007-06-23 14:08 -------- d--h--r c:\documents and settings\willie williams\Application Data\yahoo!
2009-05-02 19:36 . 2006-08-03 03:03 -------- d-----w c:\program files\Yahoo!
2009-05-02 19:36 . 2006-08-03 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-05-02 18:59 . 2007-11-04 00:51 -------- d-----w c:\program files\AT&T
2009-05-02 17:02 . 2006-06-21 13:53 -------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-04-25 12:33 . 2009-04-25 12:32 -------- d-----w c:\documents and settings\Al\Application Data\ArcSoft
2009-04-21 02:54 . 2006-06-12 22:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 02:41 . 2009-04-21 02:41 -------- d-----w c:\program files\CyberLink
2009-04-18 00:42 . 2009-04-18 00:29 -------- d-----w c:\documents and settings\genevaw\Application Data\ArcSoft
2009-04-18 00:28 . 2009-04-18 00:28 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-18 00:28 . 2009-04-18 00:28 -------- d-----w c:\program files\ArcSoft
2009-04-02 20:29 . 2009-04-02 20:29 152872 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-26 19:23 . 2008-02-02 00:20 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-21 18:38 . 2006-07-19 12:38 1080 -c--a-w c:\windows\AUTOLNCH.REG
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:00 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:14 . 2009-02-28 03:14 20871640 ----a-w c:\documents and settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe
2007-03-12 16:43 . 2007-03-12 16:43 774144 ----a-w c:\program files\RngInterstitial.dll
2005-11-04 15:25 . 2009-04-21 02:39 114688 ----a-w c:\program files\Uninstall_CDS.exe
2006-12-12 22:20 . 2006-06-22 22:57 88 --sh--r c:\windows\system32\66F74466A0.sys
2006-12-20 01:35 . 2006-08-10 13:01 104 --sh--r c:\windows\system32\7F088D69DF.sys
2006-12-31 10:07 . 2006-12-31 10:07 8 -csh--r c:\windows\system32\DF698D087F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 688128]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 222768]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 458248]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 181488]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2213720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 214416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 163840]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 151552]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 258048]
"-FreedomNeedsReboot"="c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 13552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 113520]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 226864]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 319488]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2131448]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 181488]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-12-17 275696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 411944]

c:\documents and settings\Al\Start Menu\Programs\Startup\
Stardock Keyboard Launchpad.lnk - c:\program files\Stardock\Object Desktop\KLP\Keys.exe [2007-2-10 483328]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-7-19 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-12 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 01:16 176128 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\vso\\ConvertXtoDVD\\ConvertXtoDvd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\PROGRA~1\\Webshots\\Webshots.scr"=
"c:\\Program Files\\AT&T\\AT&T Internet Security Suite\\rpsupdaterR.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"=
"c:\\Program Files\\Zoom Player\\zplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Stardock\\Object Desktop\\KLP\\Keys.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\windjoq.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\rxkth.exe"=

R0 PVMFLDRV;PVMFLDRV;c:\windows\system32\drivers\pvmfldrv.sys [6/30/2005 11:46 AM 20352]
R2 pvmwinser;pvmwinser;c:\windows\system32\pvmser.exe [6/21/2007 11:07 AM 86016]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [9/27/2006 4:22 PM 6852]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\iekkhn.sys --> c:\windows\system32\drivers\iekkhn.sys [?]
S0 mbcovrek;mbcovrek;c:\windows\system32\drivers\avuspulm.sys --> c:\windows\system32\drivers\avuspulm.sys [?]
S0 uteohxcp;uteohxcp;c:\windows\system32\drivers\dzupnr.sys --> c:\windows\system32\drivers\dzupnr.sys [?]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 21:53]

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-12-16 c:\windows\Tasks\utorrent.job
- c:\program files\uTorrent\utorrent.exe [2007-12-31 23:35]
.
- - - - ORPHANS REMOVED - - - -

Notify-MCPClient - c:\progra~1\COMMON~1\Stardock\mcpstub.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZUman000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download ALL with IDA
IE: Download with IDA
DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} - hxxp://games.bigfishgames.com/en_butter ... ontrol.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.bigfishgames.com/en_myster ... uncher.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-149665161-874518588-2011601233-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E98EF1E-CE60-D5E8-C3CF-DE4E6ECBCB63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajidmcghbndhicohgnj"=hex:61,61,00,00
"kajidmcgbbkmhehihggblo"=hex:61,61,00,00
"fajidmcgmaci"=hex:66,61,6c,61,6b,65,6a,64,67,67,64,68,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\shdoclc.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AT&T\AT&T Internet Security Suite\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\Al\LOCALS~1\Temp\windjoq.exe
c:\docume~1\Al\LOCALS~1\Temp\rxkth.exe
.
**************************************************************************
.
Completion time: 2009-05-26 8:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 12:46

Pre-Run: 37,466,734,592 bytes free
Post-Run: 40,692,391,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=PBC1SB /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=PBC1SB-BAK

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
395 --- E O F --- 2008-01-12 08:28



And after I did the combofix, I was told to run this command line and paste the results>>>>>> cmd /c PEV -l "%systemdrive%\proquota.exe" >Log.txt&Log.txt&del Log.txt

The results I received were>>>>>>

----a-w 119,808 2004-08-04 10:00:00 C:\i386\proquota.exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 119,808 Blocks: 234


And this is where everything went all screwy and his replies on the site are not showing up.
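The ComboFix log above already explains most of the symptoms in the first post, if you know which lines to read: DisableTaskMgr and DisableRegistryTools are set to 1 under the user's policies\system key (that is the "disabled by your administrator" message), Winlogon's UIHost points at logonuiX.exe instead of the stock logonui.exe, ComboFix reports the SafeBoot key as broken, every Security Center Override/DisableNotify value is 1, the Windows Firewall is off with two executables in the user's Temp folder added to its exception list and running, and three drivers (abp470n5, mbcovrek, uteohxcp) have no file on disk. The Python script below is an added example, not part of this thread and not a ComboFix component: it walks a trimmed excerpt of the posted log (copied from the post and shortened) and flags exactly those indicators. The finding categories are labels of my own, and the parser assumes ComboFix's text layout as it appears in this post.

```python
import re

# Trimmed excerpt of the ComboFix log posted in this thread (the user's own
# log, shortened to the entries the triage below looks at).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\windjoq.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\rxkth.exe"=

R0 PVMFLDRV;PVMFLDRV;c:\windows\system32\drivers\pvmfldrv.sys [6/30/2005 11:46 AM 20352]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\iekkhn.sys --> c:\windows\system32\drivers\iekkhn.sys [?]
S0 mbcovrek;mbcovrek;c:\windows\system32\drivers\avuspulm.sys --> c:\windows\system32\drivers\avuspulm.sys [?]

------------------------ Other Running Processes ------------------------
c:\program files\Bonjour\mDNSResponder.exe
c:\docume~1\Al\LOCALS~1\Temp\windjoq.exe
c:\docume~1\Al\LOCALS~1\Temp\rxkth.exe
**************************************************************************
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\key] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"=value
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*$")  # R0/S0 driver and service lines
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)        # path passes through a ...\Temp\ directory


def dword(raw):
    """Integer value of a ComboFix registry value rendering, or None.

    ComboFix prints DWORDs either as '1 (0x1)' or as 'dword:00000001'.
    """
    raw = raw.strip()
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.IGNORECASE)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-f]{8})$", raw, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    return None


def triage(log_text):
    """Walk a ComboFix log and return (category, detail) findings in log order."""
    findings = []
    key = ""               # lower-cased registry key of the current section
    in_processes = False   # inside 'Other Running Processes'
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_processes = m.group(1).lower(), False
            continue
        if "other running processes" in line.lower():
            in_processes = True
            continue
        if line.startswith("-----") or line.startswith("*****"):
            in_processes = False      # any other banner ends the process list
            continue
        if "safeboot registry key needs repairs" in line.lower():
            findings.append(("safeboot", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if line.endswith("[?]"):  # ComboFix could not find the driver file on disk
                findings.append(("driver_missing_file", m.group(1)))
            continue
        if in_processes:
            if TEMP_RE.search(line):
                findings.append(("process_in_temp", line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if key.endswith("policies\\system") and name in ("DisableTaskMgr", "DisableRegistryTools") and dword(raw) == 1:
            findings.append(("tool_disabled", name))
        elif key.endswith("\\winlogon") and name == "UIHost":
            host = raw.strip().strip('"')
            if not host.lower().endswith("\\logonui.exe"):   # stock XP value is ...\logonui.exe
                findings.append(("winlogon_uihost", host))
        elif "security center" in key and (name.endswith("Override") or name.endswith("DisableNotify")) and dword(raw) == 1:
            findings.append(("security_center_suppressed", name))
        elif "firewallpolicy" in key and name == "EnableFirewall" and dword(raw) == 0:
            findings.append(("firewall_disabled", key))
        elif key.endswith("authorizedapplications\\list") and TEMP_RE.search(name):
            findings.append(("firewall_exception_in_temp", name))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

Run against the excerpt it reports thirteen findings, every one of them a line a helper would ask about first: the two policy values, the replaced UIHost, the SafeBoot warning, the two Security Center overrides, the disabled firewall, the two Temp executables in the exception list, the two drivers with no file, and the same two Temp executables in the process list. Feed it a full log (for example `triage(open("ComboFix.txt").read())`) and anything it flags is a good candidate for the next question to the helper; anything it does not flag still needs a human eye, since the rules only cover the patterns visible in this thread.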

Re: i have a nasty virus............

Unread postby MWR 3 day Mod » June 1st, 2009, 12:54 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: i have a nasty virus............

Unread postby Shaba » June 4th, 2009, 1:56 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

