Receiving error message

Johndude77

New Member
I was getting some "The application failed to utilize properly (0X0000022). Click ok to terminate"

I know this has something to do with startup, since that's when it appears. However, when I look at my startup stuff, I don't see anything that could be bad.

[screenshot attachment: 59ts9w.jpg]
Thx for any help

Also, that thing I showed you guys won't go away. I try disabling it but nothing, then I tried CCleaner but it didn't find it.
 
It looks like you are infected, can you expand the command section and give me the full file path?
 
That looks like a virus or something to me, although I could be wrong. Try this for me:

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
I did do a scan with Malwarebytes' Anti-Malware, but it didn't do the trick. I'll get the HijackThis log up soon.

I just looked at the location, and it's in System32, that's a problem.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4059

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/30/2010 7:25:30 PM
mbam-log-2010-07-30 (19-25-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 278347
Time elapsed: 1 hour(s), 36 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Live Access Operator\4.4.0.5790\laopx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\HottieArea Toolbar\2.4.0.10440\mvbasst.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\HottieArea Toolbar\2.4.0.10440\mvbsvc.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{61757AD1-21C3-4270-BE9F-03AA5348A5E5}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\O'Brien\Desktop\John's Stuff\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:38 PM, on 7/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\O'Brien\Desktop\John's Stuff\DAEMON CD\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\O'Brien\Desktop\John's Stuff\DAEMON CD\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HKCU] C:\Users\O'Brien\AppData\Roaming\System32\msn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Funband Serach - res://C:\Program Files\HottieArea Toolbar\2.4.0.10440\mvb0.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} (CNxSysInfoCtrl Object) - http://platform.nx.com/ActiveX/nxsysinfo.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\O'Brien\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\O'Brien\AppData\Local\CrossLoop\winvnc.exe

--
End of file - 9101 bytes
 
Malwarebytes is outdated. Please open malwarebytes and click on the update tab, then click on check for updates. Keep doing this until it says you have the latest version and then do another scan on your system and post new logs.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4372

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/30/2010 9:59:45 PM
mbam-log-2010-07-30 (21-59-45).txt

Scan type: Quick scan
Objects scanned: 137463
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\O'Brien\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
 
I see one file reappeared and got deleted again. So do this for me, reboot the system and do another quick scan and post the results along with a fresh hijackthis log.
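Two of the judgement calls made in this thread (an autostart entry launching from a "System32" folder under the user's profile, and a detection that comes back after every scan) can be turned into a repeatable triage check. The script below is an added editorial example, not code from the thread, from Malwarebytes or from HijackThis; it runs over constructed sample lines written in the two tools' log formats (the user name "alice" and the paths are made up), flags O4 autostart entries that launch from user-writable or look-alike system folders, and reports files that Malwarebytes detected in more than one consecutive scan.

```python
import re
from collections import Counter

# --- Constructed sample input (illustrative paths, not taken from the thread) ---
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r'O4 - HKCU\..\Run: [Google Update] "C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
    r'O4 - HKCU\..\Run: [HKCU] C:\Users\alice\AppData\Roaming\System32\msn.exe',
    r'O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\alice\Desktop\Stuff\DTLite.exe" -autorun',
    r'O4 - Global Startup: HP Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe',
]

# Three consecutive Malwarebytes logs, reduced to their "Files Infected:" sections.
SAMPLE_MBAM_LOGS = [
    r"""Files Infected:
C:\Users\alice\Desktop\Stuff\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
""",
    r"""Files Infected:
C:\Users\alice\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
""",
    r"""Files Infected:
C:\Users\alice\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
""",
]

# --- HijackThis O4 (autostart) triage ---
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$')
USER_WRITABLE = re.compile(r'\\(AppData|Desktop|Temp|Downloads|Documents)\\', re.IGNORECASE)
ANY_SYSTEM32 = re.compile(r'\\System32\\', re.IGNORECASE)
REAL_SYSTEM32 = re.compile(r'^[A-Z]:\\Windows\\System32\\', re.IGNORECASE)


def parse_o4(line):
    """Return (entry name, command string) for an O4 line, or None for other lines."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    return (m.group('name'), m.group('cmd')) if m else None


def exe_path(cmd):
    """Extract the launched file from a Run-key command (quoted or bare path plus arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'^(.*?\.(?:exe|scr|com|bat|cmd|vbs|js|dll))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def triage_o4(lines):
    """Flag autostart entries in classic persistence locations, most suspicious first.

    This is a review queue, not a verdict: legitimate per-user updaters also live
    under AppData, so a single reason only means "look at it".
    """
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if not parsed:
            continue
        name, cmd = parsed
        path = exe_path(cmd)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append('executable lives in a user-writable profile folder')
        if ANY_SYSTEM32.search(path) and not REAL_SYSTEM32.match(path):
            reasons.append('"System32" folder outside the real Windows directory')
        if not name or name.upper() in ('HKCU', 'HKLM', 'RUN'):
            reasons.append('entry name is empty or mimics a registry hive')
        if reasons:
            findings.append({'name': name, 'path': path, 'reasons': reasons})
    findings.sort(key=lambda f: -len(f['reasons']))
    return findings


# --- Malwarebytes log comparison ---
DETECT_RE = re.compile(r'^(?P<path>.+?) \((?P<family>[^()]+)\) -> ')


def parse_mbam_files(log_text):
    """Return [(path, family)] from the 'Files Infected:' section of a Malwarebytes log."""
    items, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == 'Files Infected:':        # the summary line has a count after the colon
            in_section = True
            continue
        if in_section:
            if not line:
                break
            m = DETECT_RE.match(line)
            if m:
                items.append((m.group('path'), m.group('family')))
    return items


def recurring_detections(logs):
    """Paths removed in two or more scans: something on the box keeps recreating them."""
    counts = Counter()
    for log in logs:
        for path, _family in set(parse_mbam_files(log)):
            counts[path] += 1
    return {p: n for p, n in counts.items() if n >= 2}


if __name__ == '__main__':
    for f in triage_o4(SAMPLE_HJT_LINES):
        print(f"[{len(f['reasons'])}] {f['name']!r} -> {f['path']}: {'; '.join(f['reasons'])}")
    for path, n in recurring_detections(SAMPLE_MBAM_LOGS).items():
        print(f'recurring in {n} scans: {path}')
```

On the sample input the bare `msn.exe` entry collects all three reasons and sorts to the top, while the AppData updater and the Desktop tool each collect one and need a human look; the log comparison reports the two files that every scan removed and that still came back, which is the observation that led the helper to suspect a rootkit rather than leftover adware.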
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4372

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/30/2010 10:27:36 PM
mbam-log-2010-07-30 (22-27-36).txt

Scan type: Quick scan
Objects scanned: 137031
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\O'Brien\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\O'Brien\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

P.S. Looks like the same stuff from before, right?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:38 PM, on 7/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\O'Brien\Desktop\John's Stuff\DAEMON CD\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\O'Brien\Desktop\John's Stuff\DAEMON CD\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HKCU] C:\Users\O'Brien\AppData\Roaming\System32\msn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Funband Serach - res://C:\Program Files\HottieArea Toolbar\2.4.0.10440\mvb0.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} (CNxSysInfoCtrl Object) - http://platform.nx.com/ActiveX/nxsysinfo.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\O'Brien\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\O'Brien\AppData\Local\CrossLoop\winvnc.exe

--
End of file - 9101 bytes
 
Yes, it looks like you've got a rootkit somewhere.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
The link is a direct download link, so no webpage will come up, just the download box. Open it with Internet Explorer if you have to.

Or click on this link and then click on the Bleeping Computer link part way down the page, under where it says "using ComboFix".

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I'm going to bed now, so I won't be able to look over the log until tomorrow afternoon when I get home.
 
ComboFix 10-07-30.01 - O'Brien 07/30/2010 23:07:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1989 [GMT -4:00]
Running from: c:\users\O'Brien\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Advanced Entry Provider
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPCommon.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\Data\config.md
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome.manifest
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\AEPAddOn.jar
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.xul
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.xpt
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFHelperComponent.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\install.rdf
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.dat
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.exe
c:\program files\Live Access Operator
c:\program files\Live Access Operator\4.4.0.5790\Data\config.md
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome.manifest
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.js
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.xul
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\LAOAddOn.jar
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.dll
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.xpt
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFHelperComponent.js
c:\program files\Live Access Operator\4.4.0.5790\FF\install.rdf
c:\program files\Live Access Operator\4.4.0.5790\LAOCommon.dll
c:\program files\Live Access Operator\4.4.0.5790\unins000.dat
c:\program files\Live Access Operator\4.4.0.5790\unins000.exe
c:\program files\Real Search Enhancer
c:\program files\Real Search Enhancer\4.4.0.2520\Data\config.md
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome.manifest
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.xul
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\RSEAddOn.jar
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.xpt
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFHelperComponent.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\install.rdf
c:\program files\Real Search Enhancer\4.4.0.2520\RSECommon.dll
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.dat
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\O'Brien\AppData\Roaming\logs.dat
c:\users\O'Brien\AppData\Roaming\Microsoft\Windows\Recent\Lockerz_Ptz_Generator_v5.appref-ms
c:\users\O'Brien\AppData\Roaming\SQLite3.dll
c:\users\O'Brien\AppData\Roaming\System32
c:\users\O'Brien\AppData\Roaming\System32\msn.exe
c:\users\O'Brien\Documents\SYS
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 03:22 . 2010-07-31 03:23 -------- d-----w- c:\users\O'Brien\AppData\Local\temp
2010-07-31 03:22 . 2010-07-31 03:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-31 03:22 . 2010-07-31 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-31 01:34 . 2010-07-31 01:34 -------- d-----w- c:\program files\Trend Micro
2010-07-30 14:33 . 2010-07-30 14:33 -------- d-----w- c:\program files\Atheros
2010-07-30 14:33 . 2008-01-25 20:24 764416 ----a-w- c:\windows\system32\drivers\athr.sys
2010-07-30 14:33 . 2008-01-25 20:24 764416 ----a-w- c:\windows\system32\athr.sys
2010-07-30 14:32 . 2007-12-13 21:19 55808 ----a-w- c:\temp\devcon.exe
2010-07-30 14:31 . 2010-07-30 14:33 -------- d-----w- C:\temp
2010-07-30 14:30 . 2010-07-30 14:30 -------- d-----w- c:\program files\ltmoh
2010-07-28 17:13 . 2010-07-28 17:13 52204 ----a-w- c:\windows\system32\cc_20100728_131301.reg
2010-07-25 21:24 . 2010-07-25 21:24 -------- d-----w- C:\ubuntu
2010-07-25 19:57 . 2010-07-25 19:57 -------- d-----w- c:\program files\IObit
2010-07-25 16:41 . 2010-07-25 16:50 -------- d-----w- c:\program files\Registry Easy
2010-07-23 17:15 . 2010-07-24 15:05 -------- d-----w- c:\users\O'Brien\AppData\Local\pcsx2
2010-07-23 17:13 . 2010-07-23 17:15 -------- d-----w- c:\program files\PCSX2 0.9.7
2010-07-23 17:05 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-07-23 16:44 . 2010-07-23 16:44 -------- d-----w- C:\ATI
2010-07-23 16:34 . 2010-07-23 16:34 -------- d-----w- c:\program files\CPUID
2010-07-23 16:34 . 2010-07-09 17:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-07-23 16:05 . 2010-07-23 16:05 -------- d-----w- c:\program files\Click-2U
2010-07-04 21:48 . 2010-07-04 21:48 -------- d-----w- c:\programdata\RoboForm
2010-07-04 13:55 . 2010-06-08 15:39 52224 ----a-w- c:\users\O'Brien\AppData\Roaming\Mozilla\Firefox\Profiles\bt8apvn2.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\FFExternalAlert.dll
2010-07-04 13:55 . 2010-06-08 15:39 101376 ----a-w- c:\users\O'Brien\AppData\Roaming\Mozilla\Firefox\Profiles\bt8apvn2.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\RadioWMPCore.dll
2010-07-02 15:17 . 2010-07-29 18:06 -------- d-----w- C:\Hotspot Shield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 14:33 . 2008-02-13 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-30 02:40 . 2010-02-17 22:12 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 18:14 . 2008-02-13 02:07 -------- d-----w- c:\programdata\Napster
2010-07-29 18:10 . 2009-09-06 00:43 -------- d-----w- c:\program files\Yahoo!
2010-07-23 16:46 . 2008-09-01 02:07 -------- d-----w- c:\program files\ATI
2010-07-15 14:46 . 2010-04-24 12:54 46 ----a-w- c:\users\O'Brien\jagex_runescape_preferences.dat
2010-07-15 14:46 . 2010-04-24 12:56 99 ----a-w- c:\users\O'Brien\jagex_runescape_preferences2.dat
2010-07-15 12:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-25 23:44 . 2008-12-27 04:22 120208 ----a-w- c:\users\O'Brien\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-23 18:08 . 2010-06-23 18:08 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb798A.tmp.exe
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-14 20:47 . 2010-06-14 20:47 -------- d-----w- c:\users\O'Brien\AppData\Roaming\sysid
2010-06-14 20:45 . 2010-06-14 20:47 703653 ---h--w- c:\users\O'Brien\AppData\Roaming\sysid\sys.exe
2010-06-09 23:38 . 2010-06-09 23:38 -------- d-----w- c:\program files\LG Electronics
2010-06-08 20:24 . 2010-06-08 20:24 -------- d-----w- c:\program files\Mind Quiz
2010-06-05 15:23 . 2008-09-01 01:58 -------- d-----w- c:\program files\Microsoft.NET
2010-06-04 01:36 . 2010-06-04 01:36 680 ----a-w- c:\users\O'Brien\AppData\Local\d3d9caps.dat
2010-06-02 08:55 . 2010-07-23 17:06 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55 . 2010-07-23 17:06 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55 . 2010-07-23 17:06 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:02 . 2010-03-07 21:38 -------- d-----w- c:\program files\CamStudio
2010-05-26 17:06 . 2010-06-10 19:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 15:41 . 2010-07-23 17:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41 . 2010-07-23 17:06 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41 . 2010-07-23 17:06 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41 . 2010-07-23 17:06 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 15:41 . 2010-07-23 17:06 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 14:47 . 2010-06-10 19:28 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-06 02:15 . 2010-05-06 02:15 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-06 02:14 . 2010-05-06 02:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-04 05:59 . 2010-06-10 19:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 19:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 19:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 19:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 18:33 . 2010-05-02 18:33 138056 ----a-w- c:\users\O'Brien\AppData\Roaming\PnkBstrK.sys
2010-05-02 18:33 . 2010-05-02 18:33 138056 ----a-w- c:\users\O'Brien\AppData\Roaming\PnkBstrK.sys
2008-12-27 04:22 . 2008-12-27 04:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-12-27 04:22 . 2008-12-27 04:22 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\users\O'Brien\Desktop\John's Stuff\DAEMON CD\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-13 02:32 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-10-29 11:54 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,0b,de,a2,8d,4a,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\UP_date\PEDrv.sys [x]
R3 uvnc_service;uvnc_service;c:\users\O'Brien\AppData\Local\CrossLoop\winvnc.exe [2009-12-07 1590216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-09 691696]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 CrossLoopService;CrossLoop Service;c:\users\O'Brien\AppData\Local\CrossLoop\CrossLoopService.exe [2010-03-15 560792]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:28]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:28]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2175489178-680292354-854438968-1000Core.job
- c:\users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-21 16:53]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2175489178-680292354-854438968-1000UA.job
- c:\users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-21 16:53]

2009-09-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-09-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-07-29 c:\windows\Tasks\Norton Security Scan for O'Brien.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 04:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
FF - ProfilePath - c:\users\O'Brien\AppData\Roaming\Mozilla\Firefox\Profiles\bt8apvn2.default\
FF - prefs.js: keyword.URL -
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\O'Brien\AppData\Roaming\Mozilla\Firefox\Profiles\bt8apvn2.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin2.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin3.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin4.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin5.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin6.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HKCU - c:\users\O'Brien\AppData\Roaming\System32\msn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\O'Brien\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-30 23:26:04
ComboFix-quarantined-files.txt 2010-07-31 03:26
ComboFix2.txt 2010-03-01 20:11

Pre-Run: 120,286,126,080 bytes free
Post-Run: 120,381,464,576 bytes free

- - End Of File - - 129787381CAE5E57B7C6A12474EDB1C7
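Reading a ComboFix log like the one above is mostly pattern matching by eye: executables launched from a user profile, files carrying the hidden attribute, services whose binary no longer exists (`[x]`), implausibly small `.sys` files, a fake `System32` directory under `AppData\Roaming`, and Security Center monitoring switched off. The Python below is an added example, not code from this thread, from ComboFix or from its author. It recognises the line shapes that appear in the log (file listing, Run-key entry, service line, orphaned MSConfig entry, registry header) and applies those heuristics. The regexes, the thresholds, the `Finding` type and the `SAMPLE_LOG` excerpt are assumptions made for this example; the sample lines are constructed, modelled on entries in the log above.

```python
"""Triage helper for ComboFix-style log lines.

Added example: not code from the thread, from ComboFix or from its author.
Line shapes and heuristics are assumptions made for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# <modified> . <created> <size, or -------- for a directory> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
# "Name"="path" [yyyy-mm-dd size]   (entries under a Run key)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R2 name;display;path [yyyy-mm-dd size]   or [x] when the binary is missing
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
# MSConfigStartUp-HKCU - path   (the ORPHANS REMOVED section)
ORPHAN_RE = re.compile(r"^(MSConfigStartUp-\S+) - (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')

# Locations an unprivileged user can write to; autoruns from here get a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    kind: str    # tag of the heuristic that fired
    target: str  # path or registry key the finding is about
    reason: str


def _path_findings(path: str, context: str) -> list[Finding]:
    """Heuristics that depend only on where a binary lives."""
    p = path.lower()
    if "\\system32\\" in p and not p.startswith("c:\\windows\\"):
        return [Finding("fake-system-dir", path,
                        f"{context}: a 'System32' directory outside c:\\windows")]
    if p.endswith(EXECUTABLE_EXT) and any(m in p for m in USER_WRITABLE):
        return [Finding("user-dir-exe", path,
                        f"{context}: executable under a user-writable directory")]
    return []


def triage(lines) -> list[Finding]:
    """Run every heuristic over an iterable of log lines; return all findings."""
    findings: list[Finding] = []
    current_key = ""  # most recent [REGISTRY\KEY] header seen
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := FILE_RE.match(line):
            size, attrs, path = m.group(3), m.group(4), m.group(5)
            if attrs.startswith("d"):
                continue  # a directory entry carries no payload by itself
            if "h" in attrs and path.lower().endswith(EXECUTABLE_EXT):
                findings.append(Finding("hidden-exe", path,
                                        f"executable carrying the hidden attribute ({attrs})"))
            if path.lower().endswith(".sys") and size.isdigit() and int(size) < 1024:
                findings.append(Finding("tiny-sys", path,
                                        f"{size}-byte .sys file cannot be a real driver"))
            findings += _path_findings(path, "file listing")
        elif m := RUN_RE.match(line):
            findings += _path_findings(m.group(2), f'Run entry "{m.group(1)}" in {current_key}')
        elif m := SVC_RE.match(line):
            state, name, path, meta = m.group(1), m.group(2), m.group(4), m.group(5)
            if meta == "x":
                findings.append(Finding("svc-missing", path,
                                        f"service {name} ({state}) points at a missing binary"))
            else:
                findings += _path_findings(path, f"service {name} ({state})")
        elif m := ORPHAN_RE.match(line):
            findings += _path_findings(m.group(2), f"orphaned {m.group(1)} entry")
        elif DISABLE_RE.match(line) and "security center" in current_key.lower():
            findings.append(Finding("sc-monitoring-off", current_key,
                                    "Security Center monitoring disabled; confirm an installed AV set this"))
    return findings


# Constructed excerpt modelled on entries in the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\O'Brien\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 uvnc_service;uvnc_service;c:\users\O'Brien\AppData\Local\CrossLoop\winvnc.exe [2009-12-07 1590216]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
2010-06-14 20:45 . 2010-06-14 20:47 703653 ---h--w- c:\users\O'Brien\AppData\Roaming\sysid\sys.exe
2010-07-25 21:24 . 2010-07-25 21:24 -------- d-----w- C:\ubuntu
2008-12-27 04:22 . 2008-12-27 04:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
MSConfigStartUp-HKCU - c:\users\O'Brien\AppData\Roaming\System32\msn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind:17}] {f.target}\n{'':20}{f.reason}")
```

The findings are prompts for review, not verdicts: a per-user updater such as Google Update legitimately installs under `AppData\Local`, so a `user-dir-exe` hit on its own is confirmed or dismissed by checking the file's signature and hash. The combination a responder chases first is the hidden `sys.exe` under `AppData\Roaming`, the `System32` directory that is not under `c:\windows`, and the tiny `.sys` files in the real drivers directory.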
 
ComboFix 10-07-30.01 - O'Brien 07/30/2010 23:07:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1989 [GMT -4:00]
Running from: c:\users\O'Brien\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Advanced Entry Provider
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPCommon.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\Data\config.md
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome.manifest
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\AEPAddOn.jar
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.xul
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.xpt
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFHelperComponent.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\install.rdf
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.dat
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.exe
c:\program files\Live Access Operator
c:\program files\Live Access Operator\4.4.0.5790\Data\config.md
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome.manifest
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.js
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.xul
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\LAOAddOn.jar
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.dll
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.xpt
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFHelperComponent.js
c:\program files\Live Access Operator\4.4.0.5790\FF\install.rdf
c:\program files\Live Access Operator\4.4.0.5790\LAOCommon.dll
c:\program files\Live Access Operator\4.4.0.5790\unins000.dat
c:\program files\Live Access Operator\4.4.0.5790\unins000.exe
c:\program files\Real Search Enhancer
c:\program files\Real Search Enhancer\4.4.0.2520\Data\config.md
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome.manifest
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.xul
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\RSEAddOn.jar
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.xpt
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFHelperComponent.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\install.rdf
c:\program files\Real Search Enhancer\4.4.0.2520\RSECommon.dll
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.dat
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\O'Brien\AppData\Roaming\logs.dat
c:\users\O'Brien\AppData\Roaming\Microsoft\Windows\Recent\Lockerz_Ptz_Generator_v5.appref-ms
c:\users\O'Brien\AppData\Roaming\SQLite3.dll
c:\users\O'Brien\AppData\Roaming\System32
c:\users\O'Brien\AppData\Roaming\System32\msn.exe
c:\users\O'Brien\Documents\SYS
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 03:22 . 2010-07-31 03:23 -------- d-----w- c:\users\O'Brien\AppData\Local\temp
2010-07-31 03:22 . 2010-07-31 03:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-31 03:22 . 2010-07-31 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-31 01:34 . 2010-07-31 01:34 -------- d-----w- c:\program files\Trend Micro
2010-07-30 14:33 . 2010-07-30 14:33 -------- d-----w- c:\program files\Atheros
2010-07-30 14:33 . 2008-01-25 20:24 764416 ----a-w- c:\windows\system32\drivers\athr.sys
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\O'Brien\AppData\Roaming\Mozilla\Firefox\Profiles\bt8apvn2.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin2.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin3.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin4.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin5.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin6.dll
FF - plugin: c:\users\O'Brien\Desktop\John's Stuff\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HKCU - c:\users\O'Brien\AppData\Roaming\System32\msn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\O'Brien\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-30 23:26:04
ComboFix-quarantined-files.txt 2010-07-31 03:26
ComboFix2.txt 2010-03-01 20:11

Pre-Run: 120,286,126,080 bytes free
Post-Run: 120,381,464,576 bytes free

- - End Of File - - 129787381CAE5E57B7C6A12474EDB1C7
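A triage helper for a ComboFix log like the one posted above, added here as an example; it is not part of the original post and not ComboFix's own code. It parses three of the log's line shapes (the `R#`/`S#` service and driver entries, the `MSConfigStartUp-*` orphan lines, and the `[HKEY_...]` / `"Name"=dword:...` registry pairs) and flags what a responder would look at first: an executable whose directory impersonates a Windows system folder outside `c:\windows` (the orphaned `...\AppData\Roaming\System32\msn.exe` entry is the textbook case), services running from user-writable locations such as AppData, entries whose file is missing on disk (`[x]`), and Security Center monitoring switched off. The severity labels and the `USER_WRITABLE` list are the example's own assumptions. Two caveats: `DisableMonitoring=1` under the Security Center keys is routinely set by antivirus products that register with Security Center, and `winvnc.exe` under `CrossLoop` is a legitimate remote-support tool, so a medium hit is a prompt to confirm the user installed it, not a verdict.

```python
"""Flag suspicious entries in ComboFix-style log lines.

Added example (not part of the forum post or of ComboFix). The sample input
below is a handful of lines copied from the posted log.
"""
import re
from dataclasses import dataclass

# Sample input: lines taken from the posted ComboFix log (service entries,
# Security Center registry values and the orphaned startup entry).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 uvnc_service;uvnc_service;c:\users\O'Brien\AppData\Local\CrossLoop\winvnc.exe [2009-12-07 1590216]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

MSConfigStartUp-HKCU - c:\users\O'Brien\AppData\Roaming\System32\msn.exe
"""

# Line shapes used by ComboFix: "R2 name;display;path [date size]" / "[x]" when missing.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<hive>\w+) - (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Assumed list of directories an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\", "\\programdata\\")
# A "System32"/"SysWOW64"/"Windows" folder anywhere outside c:\windows is impersonation.
SYSTEM_DIR_NAMES = re.compile(r"\\(system32|syswow64|windows)\\", re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scale)
    source: str     # the log line that produced the finding
    reason: str


def check_path(path: str, source: str, findings: list) -> None:
    """Apply the location checks to one image path."""
    low = path.lower()
    if SYSTEM_DIR_NAMES.search(low) and not low.startswith("c:\\windows\\"):
        findings.append(Finding("high", source,
                                "system directory name used outside c:\\windows (impersonation)"))
    elif any(marker in low for marker in USER_WRITABLE):
        findings.append(Finding("medium", source,
                                "executable runs from a user-writable location"))


def triage(log_text: str) -> list:
    """Return findings for the recognised line shapes, highest severity first."""
    findings: list = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # remember which key the values below belong to
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if (m and "security center" in current_key
                and m.group("name") == "DisableMonitoring"
                and int(m.group("hex"), 16) == 1):
            findings.append(Finding("medium", line,
                                    f"Security Center monitoring disabled under {current_key}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("meta") == "x":          # ComboFix writes [x] when the file is gone
                findings.append(Finding("low", line,
                                        "service/driver entry points at a file that no longer exists"))
            check_path(m.group("path"), line, findings)
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("medium", line, f"orphaned {m.group('hive')} startup entry"))
            check_path(m.group("path"), line, findings)
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])   # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.source}")
```

Run against the sample, the first finding is the `msn.exe` path under `AppData\Roaming\System32`; everything under `c:\windows\system32\...` and `c:\program files\...` passes through silently, which keeps the output short enough to read on a busy machine. Feed the whole saved ComboFix.txt to `triage()` to get the same ordering for a full log.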
 