Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

O15 Entries, etc.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

O15 Entries, etc.

Unread postby Mike10431 » February 16th, 2011, 1:28 pm

I originally posted to this forum re: Windows Disk Virus which had suddenly popped up. Somehow in the aftermath of my initial attempts to rid my system of WDV it inexplicably disappeared. I requested my thread be closed because i thought I was rid of the virus. Upon the observation made by the admin who closed it I am making a new topic concerning these O15 entries and I would be very appreciative of someone noting anything else that looks suspicious.

I currently use Avast! antivirus 5.1.889 and SuperAntiSpyware Free Version 4.48.1000. I have Malwarebytes installed, but have not used it in a few months.

Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:56 AM, on 2/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Documents and Settings\Michael \Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael \Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael \Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael \Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Michael \Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=34
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {16A67AA3-9562-4506-A5AB-4A645697ECBD} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: http://cdnrep.reimage.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} (ReiEngine Class) - http://cdnrep.reimage.com/reix1223.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2589685328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6938099968
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9531 bytes

Uninstall_list

ABBYY FineReader 6.0 Sprint
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
AIM 7
ASUS Wireless Router WL-520GU Utilities
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Problem Report Wizard
Auslogics BoostSpeed
avast! Free Antivirus
Catalyst Control Center - Branding
CCleaner
Certblaster CompTIA Network+ (2009 Edition)
Character Builder
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
EA Link
EPSON Scan
Final Media Player 2010
Garmin Communicator Plugin
Garmin USB Drivers
HD Tune 2.55
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java(TM) 6 Update 18
Java(TM) 6 Update 6
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
Nero OEM
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Oracle VM VirtualBox 3.2.12
QuickTime
RealPlayer
Reimage real-time monitor
Reimage Repair
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SUPERAntiSpyware
System Requirements Lab
TweakNow RegCleaner Standard
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinAce Archiver
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
World of Warcraft
World of Warcraft Beta
Xvid 1.2.1 final uninstall
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am
Advertisement
Register to Remove

Re: O15 Entries, etc.

Unread postby melboy » February 19th, 2011, 8:50 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=============================================


Fix HijackThis entries

  • Run HijackThis
  • Click on the do a system scan only button
  • Put a check beside all of the items listed below (if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {16A67AA3-9562-4506-A5AB-4A645697ECBD} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

REBOOT


DelDomains

Please download: DelDomains.inf and save it to your desktop.

  • Locate DelDomains.inf on your desktop.
  • Right-click and select Install
  • This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.
  • Any previously added restricted zone entries (by SpywareBlaster, Spybot S&D etc) will need to be reapplyed.
NOTE: You will not see any on-screen action.



Uninstall Programs
  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Search Settings 1.2
TweakNow RegCleaner Standard

Registry Cleaners

Re. TweakNow RegCleaner Standard

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on reg cleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

This post by Bill Castner is very informative: WhatTheTech Forum



DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.




In your next reply:
  1. DDS.txt
  2. Attach.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 20th, 2011, 9:19 am

Here are the DDS.txt and Attach.txt requested.

Thanks

DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael XXXXXXXXXX at 8:07:30.85 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2564 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael XXXXXXXXXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/flash/index.cfm?division=34
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1223.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 2589685328
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 6938099968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\gsa2mjge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\michael xxxxxxxxxx\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\michael xxxxxxxxxx\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: ClickPotatoLite Component: ClickPotatoLite@ClickPotatoLite.com - c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\michael xxxxxxxxxx\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-24 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-8-28 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-8-28 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-24 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-24 40384]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 AdwareRemovalSysGuardDriver;AdwareRemovalSysGuardDriver;c:\program files\eadwareremoval\SysGuard.sys [2007-5-18 13824]
S3 cpuz132;cpuz132;\??\c:\docume~1\michae~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\michae~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\michae~1\locals~1\temp\gpu-z.sys --> c:\docume~1\michae~1\locals~1\temp\GPU-Z.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2011-02-16 16:51:17 388096 ----a-r- c:\docume~1\michae~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-13 19:38:37 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\WMTools Downloaded Files
2011-02-13 04:40:45 -------- d-----w- c:\program files\Trend Micro
2011-02-12 22:58:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-12 01:55:30 -------- d-----w- c:\documents and settings\michael xxxxxxxxxx\Tracing
2011-02-12 01:54:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-12 01:51:45 -------- d-----w- c:\program files\Microsoft
2011-02-12 01:51:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-12 01:49:34 74520 ----a-w- c:\program files\common files\windows live\.cache\190a1dd01cbca57\DSETUP.dll
2011-02-12 01:49:34 484632 ----a-w- c:\program files\common files\windows live\.cache\190a1dd01cbca57\DXSETUP.exe
2011-02-12 01:49:34 1670936 ----a-w- c:\program files\common files\windows live\.cache\190a1dd01cbca57\dsetup32.dll
2011-02-12 01:49:22 1013800 ----a-w- c:\program files\common files\windows live\.cache\121c48401cbca57\WindowsXP-KB954708-x86-ENU.exe
2011-02-12 01:47:00 -------- d-----w- c:\program files\common files\Windows Live
2011-02-11 19:30:25 762736 ----a-w- c:\windows\vVX3000.exe
2011-02-11 19:30:25 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2011-02-11 19:30:25 503152 ----a-w- c:\windows\system32\LcProxy.ax
2011-02-11 19:30:25 227696 ----a-w- c:\windows\vVX3000.dll
2011-02-11 19:30:25 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2011-02-11 19:30:25 175472 ----a-w- c:\windows\system32\cVX3000.dll
2011-02-11 19:30:25 101232 ----a-w- c:\windows\VX3000.dll
2011-02-11 19:30:08 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-11 19:30:03 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-11 19:30:00 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-10 14:56:45 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-10 14:56:45 -------- d-----w- c:\program files\Xvid
2011-02-10 14:56:21 -------- d-----w- c:\program files\ClickPotatoLite
2011-02-10 14:56:21 -------- d-----w- c:\docume~1\michae~1\applic~1\ClickPotatoLite
2011-02-10 14:56:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\ClickPotatoLiteSA
2011-02-10 14:56:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-02-04 19:00:15 -------- d-----w- c:\program files\Oracle
2011-01-29 00:30:17 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\{CB60C8E2-39F8-4017-AC08-421EE96C5848}
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-02-12 20:29:01 9216 ----a-w- c:\windows\system32\Native.exe
2011-02-12 13:02:49 0 ----a-w- c:\windows\Ckocuyufomorabul.bin
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 18:44:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

============= FINISH: 8:08:12.92 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/14/2007 6:33:56 PM
System Uptime: 2/20/2011 7:56:53 AM (1 hours ago)

Motherboard: MSI | | MS-7350
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | CPU 1 |

2400/267mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 134.721 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_73501462&REV_A3\3&267A616A&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_73501462&REV_A3

\3&267A616A&0&51
Service:

==== System Restore Points ===================

RP1: 11/28/2010 9:19:34 PM - System Checkpoint
RP2: 11/30/2010 12:11:26 PM - Configured Microsoft Office Standard 2007
RP3: 12/1/2010 3:12:40 PM - System Checkpoint
RP4: 12/3/2010 2:16:33 AM - System Checkpoint
RP5: 12/4/2010 2:18:29 AM - System Checkpoint
RP6: 12/5/2010 12:52:29 PM - System Checkpoint
RP7: 12/5/2010 3:17:02 PM - Configured Microsoft Office Standard 2007
RP8: 12/6/2010 3:31:58 PM - System Checkpoint
RP9: 12/9/2010 10:45:08 AM - System Checkpoint
RP10: 12/10/2010 1:20:30 PM - System Checkpoint
RP11: 12/12/2010 3:40:44 PM - Configured Microsoft Office Standard 2007
RP12: 12/14/2010 11:40:48 AM - System Checkpoint
RP13: 12/16/2010 10:25:23 AM - System Checkpoint
RP14: 12/17/2010 1:57:01 AM - Software Distribution Service 3.0
RP15: 12/17/2010 1:00:14 PM - Software Distribution Service 3.0
RP16: 12/17/2010 4:01:03 PM - Software Distribution Service 3.0
RP17: 12/17/2010 7:47:47 PM - Configured Microsoft Office Standard 2007
RP18: 12/18/2010 9:25:23 PM - System Checkpoint
RP19: 12/20/2010 3:06:46 PM - System Checkpoint
RP20: 12/21/2010 4:40:46 PM - Configured Microsoft Office Standard 2007
RP21: 12/22/2010 6:08:57 PM - System Checkpoint
RP22: 12/23/2010 6:41:44 PM - System Checkpoint
RP23: 12/25/2010 8:21:26 AM - Configured Microsoft Office Standard 2007
RP24: 12/26/2010 9:01:02 AM - System Checkpoint
RP25: 12/27/2010 3:41:19 PM - System Checkpoint
RP26: 12/28/2010 3:47:24 PM - System Checkpoint
RP27: 12/28/2010 9:10:26 PM - Configured Microsoft Office Standard 2007
RP28: 12/30/2010 7:07:07 PM - System Checkpoint
RP29: 12/31/2010 9:34:19 PM - System Checkpoint
RP30: 1/2/2011 3:04:03 AM - System Checkpoint
RP31: 1/2/2011 11:29:39 AM - Software Distribution Service 3.0
RP32: 1/2/2011 7:25:36 PM - Configured Microsoft Office Standard 2007
RP33: 1/5/2011 12:31:40 AM - System Checkpoint
RP34: 1/6/2011 8:35:39 AM - System Checkpoint
RP35: 1/7/2011 10:27:53 AM - System Checkpoint
RP36: 1/8/2011 7:51:53 PM - System Checkpoint
RP37: 1/10/2011 8:22:54 PM - System Checkpoint
RP38: 1/12/2011 1:38:07 PM - System Checkpoint
RP39: 1/12/2011 3:25:08 PM - Software Distribution Service 3.0
RP40: 1/13/2011 3:35:37 PM - Configured Microsoft Office Standard 2007
RP41: 1/14/2011 4:07:54 PM - System Checkpoint
RP42: 1/15/2011 5:34:47 PM - Configured Microsoft Office Standard 2007
RP43: 1/16/2011 6:43:18 PM - System Checkpoint
RP44: 1/17/2011 3:08:10 PM - Configured Microsoft Office Standard 2007
RP45: 1/18/2011 4:15:40 PM - Configured Microsoft Office Standard 2007
RP46: 1/18/2011 11:03:54 PM - Configured Microsoft Office Standard 2007
RP47: 1/20/2011 2:39:44 AM - System Checkpoint
RP48: 1/20/2011 11:17:38 PM - Configured Microsoft Office Standard 2007
RP49: 1/22/2011 11:19:08 PM - System Checkpoint
RP50: 1/23/2011 9:01:05 AM - Configured Microsoft Office Standard 2007
RP51: 1/24/2011 1:04:51 PM - System Checkpoint
RP52: 1/25/2011 9:22:59 AM - Configured Microsoft Office Standard 2007
RP53: 1/26/2011 3:26:06 PM - System Checkpoint
RP54: 1/27/2011 11:31:57 PM - System Checkpoint
RP55: 1/28/2011 11:58:15 PM - System Checkpoint
RP56: 1/30/2011 12:50:53 PM - System Checkpoint
RP57: 2/1/2011 10:52:07 AM - System Checkpoint
RP58: 2/2/2011 1:52:54 PM - System Checkpoint
RP59: 2/3/2011 3:11:08 PM - System Checkpoint
RP60: 2/4/2011 12:23:39 PM - Configured Microsoft Office Standard 2007
RP61: 2/4/2011 1:59:55 PM - Removed Oracle VM VirtualBox 3.2.8
RP62: 2/4/2011 2:00:13 PM - Installed Oracle VM VirtualBox 3.2.12
RP63: 2/5/2011 4:15:08 PM - System Checkpoint
RP64: 2/6/2011 6:26:34 PM - System Checkpoint
RP65: 2/7/2011 10:30:08 PM - System Checkpoint
RP66: 2/9/2011 8:03:48 AM - Software Distribution Service 3.0
RP67: 2/10/2011 10:12:44 AM - System Checkpoint
RP68: 2/11/2011 12:01:43 PM - System Checkpoint
RP69: 2/11/2011 2:29:59 PM - Installed DirectX
RP70: 2/11/2011 8:52:49 PM - Installed Windows XP KB954708.
RP71: 2/11/2011 8:53:03 PM - Installed DirectX
RP72: 2/12/2011 8:03:31 AM - Software Distribution Service 3.0
RP73: 2/13/2011 7:51:09 AM - Restore Operation
RP74: 2/13/2011 7:54:45 AM - Restore Operation
RP75: 2/13/2011 7:58:18 AM - Restore Operation
RP76: 2/13/2011 8:03:48 AM - Restore Operation
RP77: 2/13/2011 8:14:39 AM - Restore Operation
RP78: 2/13/2011 1:00:17 PM - Software Distribution Service 3.0
RP79: 2/14/2011 2:16:52 PM - Removed Driver Detective.
RP80: 2/15/2011 7:58:08 AM - Software Distribution Service 3.0
RP81: 2/16/2011 9:09:38 AM - Configured Microsoft Office Standard 2007
RP82: 2/16/2011 11:51:17 AM - Installed HiJackThis
RP83: 2/17/2011 6:59:48 PM - System Checkpoint
RP84: 2/18/2011 7:46:57 PM - System Checkpoint
RP85: 2/19/2011 10:03:33 PM - System Checkpoint
RP86: 2/20/2011 8:04:09 AM - Removed Search Settings 1.2.

==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
Active@ ISO Burner
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
AIM 7
ASUS Wireless Router WL-520GU Utilities
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Problem Report Wizard
Auslogics BoostSpeed
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Certblaster CompTIA Network+ (2009 Edition)
Character Builder
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
EA Link
EPSON Scan
Final Media Player 2010
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
HD Tune 2.55
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

(KB951708)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 6
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET

Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Move Media Player
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
Nero OEM
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Oracle VM VirtualBox 3.2.12
QuickTime
RealPlayer
Reimage real-time monitor
Reimage Repair
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skins
Skype Toolbars
Skype™ 4.2
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SUPERAntiSpyware
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WinAce Archiver
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007

2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
World of Warcraft
World of Warcraft Beta
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

2/16/2011 7:09:48 AM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load: Lbd
2/13/2011 8:11:54 AM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service EventSystem with arguments "" in order to

run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/13/2011 8:07:43 AM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load: Aavmker4

aswSP aswTdi Fips intelppm Lbd SASDIFSV SASKUTIL VBoxDrv VBoxUSBMon
2/13/2011 8:06:24 AM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service upnphost with arguments "" in order to

run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/13/2011 7:58:09 AM, error: Service Control Manager [7024] - The

Windows Search service terminated with service-specific error 2147749155

(0x80040D23).

==== End Of File ===========================
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 21st, 2011, 8:45 am

Hi


TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 21st, 2011, 4:39 pm

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5830

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2011 12:59:13 PM
mbam-log-2011-02-21 (12-59-13).txt

Scan type: Quick scan
Objects scanned: 165761
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Not selected for removal.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\michael xxxxxxxxxx\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 22nd, 2011, 7:32 am

Hi

Good - Do you have the ESET log?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 22nd, 2011, 8:35 am

Sorry I closed eset before copying the file and had to run everything again. :oops:

C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.DZ trojan
C:\Downloads\Media.Player.Codec.Pack.V3.2.0.Setup.exe Win32/Adware.Toolbar.Dealio application
C:\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
C:\WINDOWS\azaborov.dll a variant of Win32/Kryptik.KNA trojan
C:\WINDOWS\system32\avtcjlrj.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\bmbvuigp.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\bsvdsred.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\btnypgei.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ceidfttb.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\citsiuss.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\dnhqhdnw.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ecvjsfhh.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\edgMmnpo.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\edgMmnpo.ini2 Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\empmylid.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fetjaxxq.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fmmqjxxw.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fyerettc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fyquritk.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\gbqarell.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\gqxnmuoh.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\gwwmousj.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\hloluhst.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\hvlmuhnc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ixggupyq.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\jdeaxfnd.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\klpeaixv.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\kwwkvhob.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\mbkqsevc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\mcglpliv.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\mlccoqip.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\nyxmxlnf.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ogjolgoa.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\olrcljrx.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\orysuugc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ovbfdxoj.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\pghmjhdf.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\qhkurhas.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\qrwuepoa.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\rmsdlqql.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\rouwvrqp.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\sefcnhve.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\svkrvthj.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\tjotenlr.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\tmijvtpx.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\trroxvcc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\wmqlpcwb.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xcfomjmi.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xrcwkjej.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xrowcbil.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\yparaadh.ini Win32/Adware.Virtumonde.NEO application
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 22nd, 2011, 9:04 am

Hi

Thanks.



ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper
Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 22nd, 2011, 2:03 pm

ComboFix 11-02-21.02 - Michael XXXXXXXXXXX 02/22/2011 12:48:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2482 [GMT -5:00]
Running from: c:\documents and settings\Michael XXXXXXXXXX\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael XXXXXXXXXX\Application Data\Adobe\plugs
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\justified.s02e01.hdtv.xvid-asap.avi.ddr
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Michael XXXXXXXXXX\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\justified.s02e01.hdtv.xvid-asap.avi.ddp
c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\{CB60C8E2-39F8-4017-AC08-421EE96C5848}
c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\{CB60C8E2-39F8-4017-AC08-421EE96C5848}\chrome.manifest
c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\{CB60C8E2-39F8-4017-AC08-421EE96C5848}\chrome\content\_cfg.js
c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\{CB60C8E2-39F8-4017-AC08-421EE96C5848}\chrome\content\overlay.xul
c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\{CB60C8E2-39F8-4017-AC08-421EE96C5848}\install.rdf
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\windows\settings.reg
c:\windows\system32\avtcjlrj.ini
c:\windows\system32\bmbvuigp.ini
c:\windows\system32\bsvdsred.ini
c:\windows\system32\btnypgei.ini
c:\windows\system32\ceidfttb.ini
c:\windows\system32\citsiuss.ini
c:\windows\system32\Data
c:\windows\system32\dnhqhdnw.ini
c:\windows\system32\ecvjsfhh.ini
c:\windows\system32\edgMmnpo.ini
c:\windows\system32\edgMmnpo.ini2
c:\windows\system32\empmylid.ini
c:\windows\system32\fetjaxxq.ini
c:\windows\system32\fmmqjxxw.ini
c:\windows\system32\fyerettc.ini
c:\windows\system32\fyquritk.ini
c:\windows\system32\gbqarell.ini
c:\windows\system32\gqxnmuoh.ini
c:\windows\system32\gwwmousj.ini
c:\windows\system32\hloluhst.ini
c:\windows\system32\hvlmuhnc.ini
c:\windows\system32\ixggupyq.ini
c:\windows\system32\jdeaxfnd.ini
c:\windows\system32\klpeaixv.ini
c:\windows\system32\kwwkvhob.ini
c:\windows\system32\mbkqsevc.ini
c:\windows\system32\mcglpliv.ini
c:\windows\system32\mlccoqip.ini
c:\windows\system32\nyxmxlnf.ini
c:\windows\system32\ogjolgoa.ini
c:\windows\system32\olrcljrx.ini
c:\windows\system32\orysuugc.ini
c:\windows\system32\ovbfdxoj.ini
c:\windows\system32\pghmjhdf.ini
c:\windows\system32\qhkurhas.ini
c:\windows\system32\qrwuepoa.ini
c:\windows\system32\rmsdlqql.ini
c:\windows\system32\rouwvrqp.ini
c:\windows\system32\sefcnhve.ini
c:\windows\system32\svkrvthj.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\tjotenlr.ini
c:\windows\system32\tmijvtpx.ini
c:\windows\system32\trroxvcc.ini
c:\windows\system32\wmqlpcwb.ini
c:\windows\system32\xcfomjmi.ini
c:\windows\system32\xrcwkjej.ini
c:\windows\system32\xrowcbil.ini
c:\windows\system32\yparaadh.ini

.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-21 20:51 . 2011-02-21 20:51 -------- d-----w- c:\program files\ESET
2011-02-16 16:51 . 2011-02-16 16:51 388096 ----a-r- c:\documents and settings\Michael XXXXXXXXXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 19:38 . 2011-02-13 19:38 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\WMTools Downloaded Files
2011-02-13 04:40 . 2011-02-13 13:29 -------- d-----w- c:\program files\Trend Micro
2011-02-13 03:29 . 2011-02-13 13:12 -------- d-----w- c:\documents and settings\Administrator
2011-02-12 22:58 . 2011-02-13 13:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-12 01:55 . 2011-02-22 04:30 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Tracing
2011-02-12 01:54 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-12 01:53 . 2011-02-12 01:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-12 01:51 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft
2011-02-12 01:51 . 2011-02-12 01:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-12 01:51 . 2011-02-12 01:53 -------- d-----w- c:\program files\Windows Live
2011-02-12 01:47 . 2011-02-12 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-11 19:30 . 2010-05-20 20:27 762736 ----a-w- c:\windows\vVX3000.exe
2011-02-11 19:30 . 2010-05-20 20:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2011-02-11 19:30 . 2010-05-20 20:27 503152 ----a-w- c:\windows\system32\LcProxy.ax
2011-02-11 19:30 . 2010-05-20 20:27 227696 ----a-w- c:\windows\vVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2011-02-11 19:30 . 2010-05-20 20:27 175472 ----a-w- c:\windows\system32\cVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 101232 ----a-w- c:\windows\VX3000.dll
2011-02-11 19:30 . 2011-02-11 19:30 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-11 19:30 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-11 19:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-10 14:56 . 2011-02-10 14:56 -------- d-----w- c:\program files\Xvid
2011-02-10 14:56 . 2008-12-14 01:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-04 19:00 . 2011-02-04 19:00 -------- d-----w- c:\program files\Oracle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-12 20:29 . 2008-11-29 16:07 9216 ----a-w- c:\windows\system32\Native.exe
2011-01-21 14:44 . 2004-10-08 12:01 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-03-24 21:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-24 21:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-24 21:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-24 21:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-24 21:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-24 21:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-24 21:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-24 21:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-10-08 12:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2010-06-29 04:59 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-10-08 12:01 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-10-08 12:01 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-10-08 12:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-10-08 12:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-10-08 12:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-05-07 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-05-07 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-10-08 12:01 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-10-08 12:01 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 17:04 . 2006-10-19 02:47 613376 ------w- c:\windows\system32\wmpmde.dll
2010-12-15 17:04 . 2006-10-19 02:47 204288 ------w- c:\windows\system32\wmpsrcwp.dll
2010-12-15 17:04 . 2006-10-19 02:47 130048 ------w- c:\windows\system32\wmpps.dll
2010-12-15 17:04 . 2006-10-19 01:47 767488 ------w- c:\windows\system32\WMVSENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 656896 ------w- c:\windows\system32\WMVXENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 38400 ------w- c:\windows\system32\wpdshextres.dll
2010-12-15 17:04 . 2006-10-19 01:47 2603008 ------w- c:\windows\system32\WpdShext.dll
2010-12-15 17:04 . 2006-10-19 01:47 1575424 ------w- c:\windows\system32\WMVENCOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\WMVDECOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1382912 ------w- c:\windows\system32\WMVSDECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 133632 ------w- c:\windows\system32\WPDShServiceObj.dll
2010-12-15 17:04 . 2006-10-19 00:00 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2010-12-15 17:04 . 2004-10-11 19:20 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2010-12-15 17:04 . 2004-10-11 19:20 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2010-12-15 17:04 . 2004-10-11 19:20 35840 ----a-w- c:\windows\system32\wpdconns.dll
2010-12-15 17:04 . 2004-10-11 19:20 356352 ----a-w- c:\windows\system32\wpdsp.dll
2010-12-15 17:04 . 2004-10-11 19:20 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2010-12-15 17:04 . 2004-10-08 12:01 99840 ----a-w- c:\windows\system32\wmpshell.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 1329152 ----a-w- c:\windows\system32\WMSPDMOE.dll
2010-12-15 17:04 . 2004-10-08 12:01 8231936 ----a-w- c:\windows\system32\wmploc.dll
2010-12-15 17:04 . 2006-10-19 02:47 295936 ------w- c:\windows\system32\wmpeffects.dll
2010-12-15 17:04 . 2006-10-19 02:47 1661952 ------w- c:\windows\system32\wmpencen.dll
2010-12-15 17:04 . 2006-10-19 01:47 535040 ------w- c:\windows\system32\wmdrmsdk.dll
2010-12-15 17:04 . 2004-10-11 19:20 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
2010-12-15 17:04 . 2004-10-11 19:20 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
2010-12-15 17:04 . 2004-10-08 12:01 938496 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-12-15 17:04 . 2004-10-08 12:01 757248 ----a-w- c:\windows\system32\WMADMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 37376 ----a-w- c:\windows\system32\wmdmps.dll
2010-12-15 17:04 . 2004-10-08 12:01 33792 ----a-w- c:\windows\system32\wmdmlog.dll
2010-12-15 17:04 . 2004-10-08 12:01 227328 ----a-w- c:\windows\system32\wmerror.dll
2010-12-15 17:04 . 2004-10-08 12:01 222208 ----a-w- c:\windows\system32\WMASF.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\wmpasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 157184 ----a-w- c:\windows\system32\wmidx.dll
2010-12-15 17:04 . 2004-10-08 12:01 1117696 ----a-w- c:\windows\system32\WMADMOE.dll
2010-12-15 17:04 . 2006-10-19 01:47 254976 ------w- c:\windows\system32\PortableDeviceApi.dll
2010-12-15 17:04 . 2006-10-19 01:47 199168 ------w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-15 17:04 . 2006-10-19 01:47 166912 ------w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-15 17:04 . 2006-10-19 01:47 132096 ------w- c:\windows\system32\PortableDeviceWiaCompat.dll
2010-12-15 17:04 . 2006-10-19 01:47 101888 ------w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\uwdf.exe
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\wdfapi.dll
2010-12-15 17:04 . 2004-10-08 12:01 414720 ----a-w- c:\windows\system32\msscp.dll
2010-12-15 17:04 . 2004-10-08 12:01 321536 ----a-w- c:\windows\system32\mswmdm.dll
2010-12-15 17:04 . 2004-10-08 12:01 27136 ----a-w- c:\windows\system32\mspmsnsv.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\qasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 179712 ----a-w- c:\windows\system32\msnetobj.dll
2010-12-15 17:04 . 2004-10-08 12:01 175616 ----a-w- c:\windows\system32\mspmsp.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MPG4DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MP43DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 212992 ------w- c:\windows\system32\MFPLAT.dll
2010-12-15 17:04 . 2006-10-19 01:05 232448 ------w- c:\windows\system32\l3codecp.acm
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MPG4DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP4SDMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP43DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 11264 ----a-w- c:\windows\system32\LAPRXY.dll
2010-12-15 17:04 . 2004-10-08 12:01 100864 ----a-w- c:\windows\system32\logagent.exe
2010-12-15 17:04 . 2004-10-08 12:01 991744 ----a-w- c:\windows\system32\drmv2clt.dll
2010-12-15 17:04 . 2006-10-19 01:47 671232 ------w- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
2010-12-15 17:04 . 2006-10-19 01:47 276992 ------w- c:\windows\system32\audiodev.dll
2010-12-15 17:04 . 2006-10-19 00:00 249856 ------w- c:\windows\system32\drmupgds.exe
2010-12-15 17:04 . 2004-10-11 19:20 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-12-15 17:04 . 2004-10-08 12:01 87040 ----a-w- c:\windows\system32\drmstor.dll
2010-12-15 17:04 . 2004-10-08 12:01 7168 ----a-w- c:\windows\system32\asferror.dll
2010-12-15 17:04 . 2004-10-08 12:01 542720 ----a-w- c:\windows\system32\blackbox.dll
2010-12-15 17:04 . 2004-10-08 12:01 299520 ----a-w- c:\windows\system32\drmclien.dll
2010-12-15 17:04 . 2004-10-08 12:01 229376 ----a-w- c:\windows\system32\cewmdm.dll
2010-12-09 15:15 . 2004-10-08 12:01 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-10-08 12:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-10-08 12:01 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 18:44 . 2010-08-05 18:08 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 18:44 . 2010-12-01 18:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
.

------- Sigcheck -------

[-] 2010-12-15 17:04 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[7] 2010-12-15 17:04 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2010-02-20 21:30 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2008-11-29 17:45 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ioloDMV"=2 (0x2)
"ADVService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbccoms.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft Beta\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/11/2010 5:08 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/24/2010 4:08 PM 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/28/2010 5:36 PM 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/28/2010 5:36 PM 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/24/2010 4:08 PM 17744]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 1:08 PM 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 1:44 PM 111504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AdwareRemovalSysGuardDriver;AdwareRemovalSysGuardDriver;c:\program files\EAdwareRemoval\SysGuard.sys [5/18/2007 7:07 AM 13824]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 4:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004Core.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004UA.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/flash/index.cfm?division=34
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1223.cab
FF - ProfilePath - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\gsa2mjge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Move Networks
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
MSConfigStartUp-Inofahozew - c:\windows\adpslt.dll
AddRemove-Adobe Acrobat Connect Add-in - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2011-02-22 12:52:41
ComboFix-quarantined-files.txt 2011-02-22 17:52

Pre-Run: 144,183,332,864 bytes free
Post-Run: 144,046,264,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8816F0D16B362A65E3C3183C20F4C36B
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 22nd, 2011, 8:30 pm

Hi

Good - Give me an update on how things are running.



Uninstall Programs
  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.4.1
  • Install the new downloaded updated software.
  • Then using the internal updater update ensure the software is updated to the current increment 10.0.1
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 24.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition JDK 6 Update 24 (JDK or JRE)"
  • Click the Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u24-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 6
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


=======================


COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

If combofix prompts you to update it at any point, please allow it to do so.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Driver::
    Lbd
    AdwareRemovalSysGuardDriver
    
    File::
    c:\windows\Ckocuyufomorabul.bin
    C:\Documents and Settings\All Users\Documents\Server\hlp.dat
    C:\Downloads\Media.Player.Codec.Pack.V3.2.0.Setup.exe
    C:\Downloads\registrybooster.exe
    C:\WINDOWS\azaborov.dll
    c:\windows\system32\drivers\Lbd.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Dealio]
    
    Folder::
    c:\program files\EAdwareRemoval
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 22nd, 2011, 9:54 pm

Things seem to be already running better. I found myself with more programs running than normal today without any effect.

There were a couple of small flies in the ointment with your last set of instructions.

Adobe uninstall failed. The msg I got was:

Error 1402.Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\current\Version\Run\OptionalComponents\IMAIL.
Verify that you have sufficient access to that key, or contact your support personnel.

Combofix also failed at transmitting a portion of some info back. Something about a server being off line. Everything else went exactly according to plan.

(Also curious where some advice and strategy would be best discussed to avoid this stuff in the future.)

Thanks

ComboFix 11-02-22.01 - Michael XXXXXXXXXX 02/22/2011 20:19:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2560 [GMT -5:00]
Running from: c:\documents and settings\Michael XXXXXXXXXX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael XXXXXXXXXX\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Documents\Server\hlp.dat"
"c:\downloads\Media.Player.Codec.Pack.V3.2.0.Setup.exe"
"c:\downloads\registrybooster.exe"
"c:\windows\azaborov.dll"
"c:\windows\Ckocuyufomorabul.bin"
"c:\windows\system32\drivers\Lbd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\Server\hlp.dat
c:\downloads\Media.Player.Codec.Pack.V3.2.0.Setup.exe
c:\downloads\registrybooster.exe
c:\program files\EAdwareRemoval
c:\program files\EAdwareRemoval\AdwareRemoval.exe
c:\program files\EAdwareRemoval\AdwareRemoval.exe.txt
c:\program files\EAdwareRemoval\AdwareRemoval.exe0.txt
c:\program files\EAdwareRemoval\AppManager.dat
c:\program files\EAdwareRemoval\engine.dll
c:\program files\EAdwareRemoval\fingerprint.def
c:\program files\EAdwareRemoval\htmlayout.dll
c:\program files\EAdwareRemoval\image\ListHeadCtrl.bmp
c:\program files\EAdwareRemoval\image\scanningcookie.gif
c:\program files\EAdwareRemoval\image\scanningfiles.gif
c:\program files\EAdwareRemoval\image\scanningmemory.gif
c:\program files\EAdwareRemoval\image\scanningregistry.gif
c:\program files\EAdwareRemoval\image\spydb.dat
c:\program files\EAdwareRemoval\install.dll
c:\program files\EAdwareRemoval\lang\en_US.dll
c:\program files\EAdwareRemoval\loading.html
c:\program files\EAdwareRemoval\log.dll
c:\program files\EAdwareRemoval\option.dll
c:\program files\EAdwareRemoval\option.exe
c:\program files\EAdwareRemoval\pc.dat
c:\program files\EAdwareRemoval\profile.dat
c:\program files\EAdwareRemoval\rp.ini
c:\program files\EAdwareRemoval\schedules.exe
c:\program files\EAdwareRemoval\skins\2\dialog.bmp
c:\program files\EAdwareRemoval\skins\2\dialog2.bmp
c:\program files\EAdwareRemoval\skins\2\Frames.bmp
c:\program files\EAdwareRemoval\skins\2\option.bmp
c:\program files\EAdwareRemoval\skins\2\skin.dat
c:\program files\EAdwareRemoval\skins\2\skin.xml
c:\program files\EAdwareRemoval\skins\3\dialog.bmp
c:\program files\EAdwareRemoval\skins\3\dialog2.bmp
c:\program files\EAdwareRemoval\skins\3\Frames.bmp
c:\program files\EAdwareRemoval\skins\3\skin.dat
c:\program files\EAdwareRemoval\skins\3\skin.xml
c:\program files\EAdwareRemoval\skins\default\Adware Remover.bmp
c:\program files\EAdwareRemoval\skins\default\dialog.bmp
c:\program files\EAdwareRemoval\skins\default\Frames.bmp
c:\program files\EAdwareRemoval\skins\default\skin.dat
c:\program files\EAdwareRemoval\skins\default\skin.xml
c:\program files\EAdwareRemoval\skins\skin.xml
c:\program files\EAdwareRemoval\smartupgrade.exe
c:\program files\EAdwareRemoval\smartupgrade.exe.txt
c:\program files\EAdwareRemoval\smartupgrade.exe0.txt
c:\program files\EAdwareRemoval\sssdb.dat
c:\program files\EAdwareRemoval\ssudb.dat
c:\program files\EAdwareRemoval\sysguard.exe.txt
c:\program files\EAdwareRemoval\sysguard.exe0.txt
c:\program files\EAdwareRemoval\SysGuard.sys
c:\program files\EAdwareRemoval\Tray.exe
c:\program files\EAdwareRemoval\tray.exe.txt
c:\program files\EAdwareRemoval\Uninstall.exe
c:\program files\EAdwareRemoval\upgrade\pc.dat
c:\program files\EAdwareRemoval\upgrade\update.exe
c:\program files\EAdwareRemoval\upgrade\update.exe.txt
c:\program files\EAdwareRemoval\upgrade\updateinfo.xml
c:\windows\azaborov.dll
c:\windows\Ckocuyufomorabul.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADWAREREMOVALSYSGUARDDRIVER
-------\Legacy_LBD
-------\Service_AdwareRemovalSysGuardDriver
-------\Service_Lbd


((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 01:08 . 2011-02-23 01:08 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 01:08 . 2011-02-23 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-23 01:08 . 2011-02-23 01:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-21 20:51 . 2011-02-21 20:51 -------- d-----w- c:\program files\ESET
2011-02-16 16:51 . 2011-02-16 16:51 388096 ----a-r- c:\documents and settings\Michael XXXXXXXXXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 19:38 . 2011-02-13 19:38 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\WMTools Downloaded Files
2011-02-13 04:40 . 2011-02-13 13:29 -------- d-----w- c:\program files\Trend Micro
2011-02-13 03:29 . 2011-02-13 13:12 -------- d-----w- c:\documents and settings\Administrator
2011-02-12 22:58 . 2011-02-13 13:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-12 01:55 . 2011-02-23 01:26 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Tracing
2011-02-12 01:54 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-12 01:53 . 2011-02-12 01:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-12 01:51 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft
2011-02-12 01:51 . 2011-02-12 01:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-12 01:51 . 2011-02-12 01:53 -------- d-----w- c:\program files\Windows Live
2011-02-12 01:47 . 2011-02-12 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-11 19:30 . 2010-05-20 20:27 762736 ----a-w- c:\windows\vVX3000.exe
2011-02-11 19:30 . 2010-05-20 20:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2011-02-11 19:30 . 2010-05-20 20:27 503152 ----a-w- c:\windows\system32\LcProxy.ax
2011-02-11 19:30 . 2010-05-20 20:27 227696 ----a-w- c:\windows\vVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2011-02-11 19:30 . 2010-05-20 20:27 175472 ----a-w- c:\windows\system32\cVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 101232 ----a-w- c:\windows\VX3000.dll
2011-02-11 19:30 . 2011-02-11 19:30 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-11 19:30 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-11 19:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-10 14:56 . 2011-02-10 14:56 -------- d-----w- c:\program files\Xvid
2011-02-10 14:56 . 2008-12-14 01:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-04 19:00 . 2011-02-04 19:00 -------- d-----w- c:\program files\Oracle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-12 20:29 . 2008-11-29 16:07 9216 ----a-w- c:\windows\system32\Native.exe
2011-01-21 14:44 . 2004-10-08 12:01 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-03-24 21:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-24 21:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-24 21:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-24 21:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-24 21:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-24 21:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-24 21:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-24 21:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-10-08 12:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2010-06-29 04:59 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-10-08 12:01 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-10-08 12:01 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-10-08 12:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-10-08 12:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-10-08 12:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-05-07 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-05-07 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-10-08 12:01 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-10-08 12:01 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 17:04 . 2006-10-19 02:47 613376 ------w- c:\windows\system32\wmpmde.dll
2010-12-15 17:04 . 2006-10-19 02:47 204288 ------w- c:\windows\system32\wmpsrcwp.dll
2010-12-15 17:04 . 2006-10-19 02:47 130048 ------w- c:\windows\system32\wmpps.dll
2010-12-15 17:04 . 2006-10-19 01:47 767488 ------w- c:\windows\system32\WMVSENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 656896 ------w- c:\windows\system32\WMVXENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 38400 ------w- c:\windows\system32\wpdshextres.dll
2010-12-15 17:04 . 2006-10-19 01:47 2603008 ------w- c:\windows\system32\WpdShext.dll
2010-12-15 17:04 . 2006-10-19 01:47 1575424 ------w- c:\windows\system32\WMVENCOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\WMVDECOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1382912 ------w- c:\windows\system32\WMVSDECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 133632 ------w- c:\windows\system32\WPDShServiceObj.dll
2010-12-15 17:04 . 2006-10-19 00:00 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2010-12-15 17:04 . 2004-10-11 19:20 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2010-12-15 17:04 . 2004-10-11 19:20 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2010-12-15 17:04 . 2004-10-11 19:20 35840 ----a-w- c:\windows\system32\wpdconns.dll
2010-12-15 17:04 . 2004-10-11 19:20 356352 ----a-w- c:\windows\system32\wpdsp.dll
2010-12-15 17:04 . 2004-10-11 19:20 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2010-12-15 17:04 . 2004-10-08 12:01 99840 ----a-w- c:\windows\system32\wmpshell.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 1329152 ----a-w- c:\windows\system32\WMSPDMOE.dll
2010-12-15 17:04 . 2004-10-08 12:01 8231936 ----a-w- c:\windows\system32\wmploc.dll
2010-12-15 17:04 . 2006-10-19 02:47 295936 ------w- c:\windows\system32\wmpeffects.dll
2010-12-15 17:04 . 2006-10-19 02:47 1661952 ------w- c:\windows\system32\wmpencen.dll
2010-12-15 17:04 . 2006-10-19 01:47 535040 ------w- c:\windows\system32\wmdrmsdk.dll
2010-12-15 17:04 . 2004-10-11 19:20 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
2010-12-15 17:04 . 2004-10-11 19:20 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
2010-12-15 17:04 . 2004-10-08 12:01 938496 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-12-15 17:04 . 2004-10-08 12:01 757248 ----a-w- c:\windows\system32\WMADMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 37376 ----a-w- c:\windows\system32\wmdmps.dll
2010-12-15 17:04 . 2004-10-08 12:01 33792 ----a-w- c:\windows\system32\wmdmlog.dll
2010-12-15 17:04 . 2004-10-08 12:01 227328 ----a-w- c:\windows\system32\wmerror.dll
2010-12-15 17:04 . 2004-10-08 12:01 222208 ----a-w- c:\windows\system32\WMASF.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\wmpasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 157184 ----a-w- c:\windows\system32\wmidx.dll
2010-12-15 17:04 . 2004-10-08 12:01 1117696 ----a-w- c:\windows\system32\WMADMOE.dll
2010-12-15 17:04 . 2006-10-19 01:47 254976 ------w- c:\windows\system32\PortableDeviceApi.dll
2010-12-15 17:04 . 2006-10-19 01:47 199168 ------w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-15 17:04 . 2006-10-19 01:47 166912 ------w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-15 17:04 . 2006-10-19 01:47 132096 ------w- c:\windows\system32\PortableDeviceWiaCompat.dll
2010-12-15 17:04 . 2006-10-19 01:47 101888 ------w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\uwdf.exe
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\wdfapi.dll
2010-12-15 17:04 . 2004-10-08 12:01 414720 ----a-w- c:\windows\system32\msscp.dll
2010-12-15 17:04 . 2004-10-08 12:01 321536 ----a-w- c:\windows\system32\mswmdm.dll
2010-12-15 17:04 . 2004-10-08 12:01 27136 ----a-w- c:\windows\system32\mspmsnsv.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\qasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 179712 ----a-w- c:\windows\system32\msnetobj.dll
2010-12-15 17:04 . 2004-10-08 12:01 175616 ----a-w- c:\windows\system32\mspmsp.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MPG4DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MP43DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 212992 ------w- c:\windows\system32\MFPLAT.dll
2010-12-15 17:04 . 2006-10-19 01:05 232448 ------w- c:\windows\system32\l3codecp.acm
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MPG4DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP4SDMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP43DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 11264 ----a-w- c:\windows\system32\LAPRXY.dll
2010-12-15 17:04 . 2004-10-08 12:01 100864 ----a-w- c:\windows\system32\logagent.exe
2010-12-15 17:04 . 2004-10-08 12:01 991744 ----a-w- c:\windows\system32\drmv2clt.dll
2010-12-15 17:04 . 2006-10-19 01:47 671232 ------w- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
2010-12-15 17:04 . 2006-10-19 01:47 276992 ------w- c:\windows\system32\audiodev.dll
2010-12-15 17:04 . 2006-10-19 00:00 249856 ------w- c:\windows\system32\drmupgds.exe
2010-12-15 17:04 . 2004-10-11 19:20 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-12-15 17:04 . 2004-10-08 12:01 87040 ----a-w- c:\windows\system32\drmstor.dll
2010-12-15 17:04 . 2004-10-08 12:01 7168 ----a-w- c:\windows\system32\asferror.dll
2010-12-15 17:04 . 2004-10-08 12:01 542720 ----a-w- c:\windows\system32\blackbox.dll
2010-12-15 17:04 . 2004-10-08 12:01 299520 ----a-w- c:\windows\system32\drmclien.dll
2010-12-15 17:04 . 2004-10-08 12:01 229376 ----a-w- c:\windows\system32\cewmdm.dll
2010-12-09 15:15 . 2004-10-08 12:01 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-10-08 12:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-10-08 12:01 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 18:44 . 2010-08-05 18:08 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 18:44 . 2010-12-01 18:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
.

------- Sigcheck -------

[-] 2010-12-15 17:04 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[7] 2010-12-15 17:04 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2010-02-20 21:30 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2008-11-29 17:45 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ioloDMV"=2 (0x2)
"ADVService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbccoms.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft Beta\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/11/2010 5:08 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/24/2010 4:08 PM 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/28/2010 5:36 PM 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/28/2010 5:36 PM 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/24/2010 4:08 PM 17744]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 1:08 PM 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 1:44 PM 111504]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 4:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004Core.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004UA.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/flash/index.cfm?division=34
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1223.cab
FF - ProfilePath - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\gsa2mjge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Move Networks
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\dlbccoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2011-02-22 20:30:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 01:30
ComboFix2.txt 2011-02-22 17:52

Pre-Run: 143,856,889,856 bytes free
Post-Run: 143,676,211,200 bytes free

- - End Of File - - 25C04BE82097FF656DCBE840E484A117
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 23rd, 2011, 11:37 am

Hi

Please see PM.


COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Firefox::
    FF - ProfilePath - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\gsa2mjge.default\
    FF - user.js: security.warn_viewing_mixed - 
    FF - user.js: security.warn_viewing_mixed.show_once - 
    FF - user.js: security.warn_submit_insecure - 
    FF - user.js: security.warn_submit_insecure.show_once - 
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


------------------------------------------------
After combofix has rebooted and produced it's log:
------------------------------------------------


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.4.1
  • Install the new downloaded updated software.
  • Then using the internal updater update ensure the software is updated to the current increment 10.0.1
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 23rd, 2011, 12:48 pm

So far so good. After running combofix the old Adobe reader successfully un-installed. I then installed the latest you linked.

Don't know if you wanted to see the latest combofix log?
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am

Re: O15 Entries, etc.

Unread postby melboy » February 23rd, 2011, 12:56 pm

Yes please.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: O15 Entries, etc.

Unread postby Mike10431 » February 23rd, 2011, 12:57 pm

ComboFix 11-02-23.01 - Michael XXXXXXXXXX 02/23/2011 11:31:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2569 [GMT -5:00]
Running from: c:\documents and settings\Michael XXXXXXXXXX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael XXXXXXXXXX\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 01:08 . 2011-02-23 01:08 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 01:08 . 2011-02-23 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-23 01:08 . 2011-02-23 01:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-21 20:51 . 2011-02-21 20:51 -------- d-----w- c:\program files\ESET
2011-02-16 16:51 . 2011-02-16 16:51 388096 ----a-r- c:\documents and settings\Michael XXXXXXXXXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 19:38 . 2011-02-13 19:38 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\WMTools Downloaded Files
2011-02-13 04:40 . 2011-02-13 13:29 -------- d-----w- c:\program files\Trend Micro
2011-02-13 03:29 . 2011-02-13 13:12 -------- d-----w- c:\documents and settings\Administrator
2011-02-12 22:58 . 2011-02-13 13:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-12 01:55 . 2011-02-23 13:11 -------- d-----w- c:\documents and settings\Michael XXXXXXXXXX\Tracing
2011-02-12 01:54 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-12 01:53 . 2011-02-12 01:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-12 01:51 . 2011-02-12 01:54 -------- d-----w- c:\program files\Microsoft
2011-02-12 01:51 . 2011-02-12 01:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-12 01:51 . 2011-02-12 01:53 -------- d-----w- c:\program files\Windows Live
2011-02-12 01:47 . 2011-02-12 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-11 19:30 . 2010-05-20 20:27 762736 ----a-w- c:\windows\vVX3000.exe
2011-02-11 19:30 . 2010-05-20 20:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2011-02-11 19:30 . 2010-05-20 20:27 503152 ----a-w- c:\windows\system32\LcProxy.ax
2011-02-11 19:30 . 2010-05-20 20:27 227696 ----a-w- c:\windows\vVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2011-02-11 19:30 . 2010-05-20 20:27 175472 ----a-w- c:\windows\system32\cVX3000.dll
2011-02-11 19:30 . 2010-05-20 20:27 101232 ----a-w- c:\windows\VX3000.dll
2011-02-11 19:30 . 2011-02-11 19:30 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-11 19:30 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-11 19:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-10 14:56 . 2011-02-10 14:56 -------- d-----w- c:\program files\Xvid
2011-02-10 14:56 . 2008-12-14 01:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-04 19:00 . 2011-02-04 19:00 -------- d-----w- c:\program files\Oracle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-12 20:29 . 2008-11-29 16:07 9216 ----a-w- c:\windows\system32\Native.exe
2011-01-21 14:44 . 2004-10-08 12:01 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-03-24 21:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-24 21:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-24 21:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-03-24 21:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-03-24 21:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-03-24 21:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-24 21:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-03-24 21:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-10-08 12:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2010-06-29 04:59 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-10-08 12:01 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-10-08 12:01 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-10-08 12:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-10-08 12:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-10-08 12:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-05-07 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-05-07 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-10-08 12:01 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-10-08 12:01 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 17:04 . 2006-10-19 02:47 613376 ------w- c:\windows\system32\wmpmde.dll
2010-12-15 17:04 . 2006-10-19 02:47 204288 ------w- c:\windows\system32\wmpsrcwp.dll
2010-12-15 17:04 . 2006-10-19 02:47 130048 ------w- c:\windows\system32\wmpps.dll
2010-12-15 17:04 . 2006-10-19 01:47 767488 ------w- c:\windows\system32\WMVSENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 656896 ------w- c:\windows\system32\WMVXENCD.dll
2010-12-15 17:04 . 2006-10-19 01:47 38400 ------w- c:\windows\system32\wpdshextres.dll
2010-12-15 17:04 . 2006-10-19 01:47 2603008 ------w- c:\windows\system32\WpdShext.dll
2010-12-15 17:04 . 2006-10-19 01:47 1575424 ------w- c:\windows\system32\WMVENCOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\WMVDECOD.dll
2010-12-15 17:04 . 2006-10-19 01:47 1382912 ------w- c:\windows\system32\WMVSDECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 133632 ------w- c:\windows\system32\WPDShServiceObj.dll
2010-12-15 17:04 . 2006-10-19 00:00 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2010-12-15 17:04 . 2004-10-11 19:20 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2010-12-15 17:04 . 2004-10-11 19:20 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2010-12-15 17:04 . 2004-10-11 19:20 35840 ----a-w- c:\windows\system32\wpdconns.dll
2010-12-15 17:04 . 2004-10-11 19:20 356352 ----a-w- c:\windows\system32\wpdsp.dll
2010-12-15 17:04 . 2004-10-11 19:20 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2010-12-15 17:04 . 2004-10-08 12:01 99840 ----a-w- c:\windows\system32\wmpshell.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmvdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\wmsdmod.dll
2010-12-15 17:04 . 2004-10-08 12:01 1329152 ----a-w- c:\windows\system32\WMSPDMOE.dll
2010-12-15 17:04 . 2004-10-08 12:01 8231936 ----a-w- c:\windows\system32\wmploc.dll
2010-12-15 17:04 . 2006-10-19 02:47 295936 ------w- c:\windows\system32\wmpeffects.dll
2010-12-15 17:04 . 2006-10-19 02:47 1661952 ------w- c:\windows\system32\wmpencen.dll
2010-12-15 17:04 . 2006-10-19 01:47 535040 ------w- c:\windows\system32\wmdrmsdk.dll
2010-12-15 17:04 . 2004-10-11 19:20 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
2010-12-15 17:04 . 2004-10-11 19:20 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
2010-12-15 17:04 . 2004-10-08 12:01 938496 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-12-15 17:04 . 2004-10-08 12:01 757248 ----a-w- c:\windows\system32\WMADMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 37376 ----a-w- c:\windows\system32\wmdmps.dll
2010-12-15 17:04 . 2004-10-08 12:01 33792 ----a-w- c:\windows\system32\wmdmlog.dll
2010-12-15 17:04 . 2004-10-08 12:01 227328 ----a-w- c:\windows\system32\wmerror.dll
2010-12-15 17:04 . 2004-10-08 12:01 222208 ----a-w- c:\windows\system32\WMASF.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\wmpasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 157184 ----a-w- c:\windows\system32\wmidx.dll
2010-12-15 17:04 . 2004-10-08 12:01 1117696 ----a-w- c:\windows\system32\WMADMOE.dll
2010-12-15 17:04 . 2006-10-19 01:47 254976 ------w- c:\windows\system32\PortableDeviceApi.dll
2010-12-15 17:04 . 2006-10-19 01:47 199168 ------w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-15 17:04 . 2006-10-19 01:47 166912 ------w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-15 17:04 . 2006-10-19 01:47 132096 ------w- c:\windows\system32\PortableDeviceWiaCompat.dll
2010-12-15 17:04 . 2006-10-19 01:47 101888 ------w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2010-12-15 17:04 . 2004-10-11 19:20 8704 ----a-w- c:\windows\system32\uwdf.exe
2010-12-15 17:04 . 2004-10-11 19:20 4096 ----a-w- c:\windows\system32\wdfapi.dll
2010-12-15 17:04 . 2004-10-08 12:01 414720 ----a-w- c:\windows\system32\msscp.dll
2010-12-15 17:04 . 2004-10-08 12:01 321536 ----a-w- c:\windows\system32\mswmdm.dll
2010-12-15 17:04 . 2004-10-08 12:01 27136 ----a-w- c:\windows\system32\mspmsnsv.dll
2010-12-15 17:04 . 2004-10-08 12:01 211456 ----a-w- c:\windows\system32\qasf.dll
2010-12-15 17:04 . 2004-10-08 12:01 179712 ----a-w- c:\windows\system32\msnetobj.dll
2010-12-15 17:04 . 2004-10-08 12:01 175616 ----a-w- c:\windows\system32\mspmsp.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MPG4DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 259072 ------w- c:\windows\system32\MP43DECD.dll
2010-12-15 17:04 . 2006-10-19 01:47 212992 ------w- c:\windows\system32\MFPLAT.dll
2010-12-15 17:04 . 2006-10-19 01:05 232448 ------w- c:\windows\system32\l3codecp.acm
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MPG4DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP4SDMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 4096 ----a-w- c:\windows\system32\MP43DMOD.dll
2010-12-15 17:04 . 2004-10-08 12:01 11264 ----a-w- c:\windows\system32\LAPRXY.dll
2010-12-15 17:04 . 2004-10-08 12:01 100864 ----a-w- c:\windows\system32\logagent.exe
2010-12-15 17:04 . 2004-10-08 12:01 991744 ----a-w- c:\windows\system32\drmv2clt.dll
2010-12-15 17:04 . 2006-10-19 01:47 671232 ------w- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
2010-12-15 17:04 . 2006-10-19 01:47 276992 ------w- c:\windows\system32\audiodev.dll
2010-12-15 17:04 . 2006-10-19 00:00 249856 ------w- c:\windows\system32\drmupgds.exe
2010-12-15 17:04 . 2004-10-11 19:20 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-12-15 17:04 . 2004-10-08 12:01 87040 ----a-w- c:\windows\system32\drmstor.dll
2010-12-15 17:04 . 2004-10-08 12:01 7168 ----a-w- c:\windows\system32\asferror.dll
2010-12-15 17:04 . 2004-10-08 12:01 542720 ----a-w- c:\windows\system32\blackbox.dll
2010-12-15 17:04 . 2004-10-08 12:01 299520 ----a-w- c:\windows\system32\drmclien.dll
2010-12-15 17:04 . 2004-10-08 12:01 229376 ----a-w- c:\windows\system32\cewmdm.dll
2010-12-09 15:15 . 2004-10-08 12:01 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-10-08 12:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-10-08 12:01 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 18:44 . 2010-08-05 18:08 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 18:44 . 2010-12-01 18:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
.

------- Sigcheck -------

[-] 2010-12-15 17:04 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[7] 2010-12-15 17:04 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2010-02-20 21:30 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2008-11-29 17:45 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-22_17.51.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-23 13:10 . 2011-02-23 13:10 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
+ 2011-02-23 01:08 . 2011-02-23 01:08 157472 c:\windows\system32\javaws.exe
- 2010-03-07 02:15 . 2010-03-07 02:15 145184 c:\windows\system32\javaw.exe
+ 2011-02-23 01:08 . 2011-02-23 01:08 145184 c:\windows\system32\javaw.exe
+ 2011-02-23 01:08 . 2011-02-23 01:08 145184 c:\windows\system32\java.exe
- 2010-03-07 02:15 . 2010-03-07 02:15 145184 c:\windows\system32\java.exe
+ 2011-02-23 01:08 . 2011-02-23 01:08 180224 c:\windows\Installer\d86b7d.msi
+ 2011-02-23 01:08 . 2011-02-23 01:08 677376 c:\windows\Installer\d86b77.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ioloDMV"=2 (0x2)
"ADVService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbccoms.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft Beta\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/11/2010 5:08 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/24/2010 4:08 PM 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/28/2010 5:36 PM 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/28/2010 5:36 PM 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/24/2010 4:08 PM 17744]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 1:08 PM 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 1:44 PM 111504]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\GPU-Z.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 4:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004Core.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-839522115-1004UA.job
- c:\documents and settings\Michael XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/flash/index.cfm?division=34
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1223.cab
FF - ProfilePath - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\gsa2mjge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Michael XXXXXXXXXX\Application Data\Move Networks
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 11:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-23 11:37:20
ComboFix-quarantined-files.txt 2011-02-23 16:37
ComboFix2.txt 2011-02-23 01:30
ComboFix3.txt 2011-02-22 17:52

Pre-Run: 143,467,495,424 bytes free
Post-Run: 143,443,558,400 bytes free

- - End Of File - - FA374163E4B85256C58C2018AE9B231E
Mike10431
Active Member
 
Posts: 11
Joined: February 13th, 2011, 12:51 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware