The system has detected a problem with one or more installed IDE/SATA hard disks

Kez,

I just noticed you have McAfee and Avast installed on your machine. You can only have one installed at any given time. Which virus program do you want to keep? You must uninstall the other one. If you are keeping Avast and getting rid of McAfee, please download and run their removal tool here.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

This may be why unhide won't fix everything. If you want to keep McAfee, then uninstall Avast in Add/Remove Programs.

Thanks, I've been trying to get rid of the remnants of McAfee for some time!
It has now gone, but unfortunately unhide still didn't restore the other stuff.

I am, however, able to add icons to the desktop and start menu, so if you think there are unlikely to be any other residual problems from this most annoying virus, then I can live with this situation!

I've been using Avast for years and it always picks everything up before infection. Do you know where this particular virus might have come from? (It seemed to appear when I was web browsing, but I hadn't downloaded anything.)

Thanks again for all your help.
 
If you can live with the way things are right now, then that's fine. As far as where you got the infection, most likely you visited a bad website. I would suggest you use the browser add-on called Web of Trust (WOT). When you do web searches it shows you whether or not the site is safe.

http://www.mywot.com/
 
OK cool, have installed that addon. I think all is well now.

MANY THANKS, you're a lifesaver!

Cheers from the other side of the world,
Kez
 
Help

Need help. I encountered the malware recently and fixed it according to your guide, but I feel like there's still something missing from my computer. For example, when I use unhide.exe, my start bar seems to be incomplete. This is just to let you see whether my computer is free from the virus already or not. Thanks a lot.

Here's the Malwarebytes log. There are two different logs, as I was infected on the same day...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6838

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/12/2011 3:50:47 PM
mbam-log-2011-06-12 (15-50-47).txt

Scan type: Quick scan
Objects scanned: 216947
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\all users\application data\ugjmynhsukifwrd.exe (Trojan.FakeAlert) -> 1036 -> Unloaded process successfully.
c:\documents and settings\all users\application data\19652388.exe (Trojan.FakeAlert) -> 3828 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uGjMyNHSUKIFwrD (Trojan.FakeAlert) -> Value: uGjMyNHSUKIFwrD -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ugjmynhsukifwrd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19652388.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\tmp6664.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.







Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6840

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/12/2011 8:06:08 PM
mbam-log-2011-06-12 (20-06-08).txt

Scan type: Quick scan
Objects scanned: 216715
Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uGjMyNHSUKIFwrD (Trojan.FakeAlert) -> Value: uGjMyNHSUKIFwrD -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ugjmynhsukifwrd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\tmpF6E1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
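For anyone reading Malwarebytes logs like the two above, here is an added example (my own code, not code from this thread, from Malwarebytes, or from any tool mentioned here) of a small Python parser that turns the log into records, checks that the per-section counts in the header agree with the items actually listed, and pulls out the two things that matter for the symptoms described: the Run-key autostart value that relaunched the dropped executable, and the Policies\* values that hid the desktop and disabled Task Manager. The sample log text is constructed from the first log posted above with the header trimmed; the class and function names are my own assumptions, not Malwarebytes terminology.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the format of a Malwarebytes' Anti-Malware 1.51 log,
# taken from the first log posted in this thread (header lines trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.0.1200
Database version: 6838
Scan type: Quick scan

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\all users\application data\ugjmynhsukifwrd.exe (Trojan.FakeAlert) -> 1036 -> Unloaded process successfully.
c:\documents and settings\all users\application data\19652388.exe (Trojan.FakeAlert) -> 3828 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uGjMyNHSUKIFwrD (Trojan.FakeAlert) -> Value: uGjMyNHSUKIFwrD -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ugjmynhsukifwrd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19652388.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\tmp6664.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
COUNT_RE = re.compile(r"^(?P<section>.+?) Infected: (?P<count>\d+)$")   # header summary line
HEADER_RE = re.compile(r"^(?P<section>.+?) Infected:$")                  # start of a section body
# "<location> (<threat>) -> [detail ->] <action>."  The detail is a PID, "Value: x" or "Bad/Good".
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")


@dataclass
class Detection:
    section: str
    location: str   # file path or registry path
    threat: str     # Malwarebytes family name, e.g. Trojan.FakeAlert or PUM.Hidden.Desktop
    detail: str     # PID / "Value: ..." / "Bad: (1) Good: (0)"; empty when absent
    action: str     # what the scanner did, without the trailing period


@dataclass
class MbamReport:
    declared: Dict[str, int] = field(default_factory=dict)   # counts from the header
    detections: List[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the header counts and every per-section detection line."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m and m.group("section") in SECTIONS:
            report.declared[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m and m.group("section") in SECTIONS:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            parts = m.group("rest").split(" -> ")
            report.detections.append(Detection(section, m.group("location"), m.group("threat"),
                                               " -> ".join(parts[:-1]), parts[-1]))
    return report


def count_mismatches(report: MbamReport) -> Dict[str, Tuple[int, int]]:
    """Sections where the header count differs from the items listed (declared, found).
    A non-empty result usually means a truncated or hand-edited log."""
    found = {s: 0 for s in SECTIONS}
    for d in report.detections:
        found[d.section] += 1
    return {s: (report.declared.get(s, 0), found[s])
            for s in SECTIONS if report.declared.get(s, 0) != found[s]}


def policy_tampering(report: MbamReport) -> List[Detection]:
    """Policies\\* values (flagged PUM.*) that hide the desktop, lock the wallpaper or
    disable Task Manager; these are settings, so they explain a 'still incomplete' desktop."""
    return [d for d in report.detections if d.threat.startswith("PUM.")]


def autostart_entries(report: MbamReport) -> List[Detection]:
    """Run-key values: the persistence that relaunches the dropped executable at logon."""
    return [d for d in report.detections
            if d.section == "Registry Values" and "\\Run\\" in d.location]


def unresolved(report: MbamReport) -> List[Detection]:
    """Detections whose action was not a clean success (e.g. delete-on-reboot); rescan after these."""
    return [d for d in report.detections if "successfully" not in d.action]


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(r.detections)} detections; count mismatches: {count_mismatches(r) or 'none'}")
    for d in autostart_entries(r) + policy_tampering(r) + unresolved(r):
        print(f"[{d.section}] {d.location}  ({d.threat})  {d.detail or '-'}  {d.action}")
```

The consistency check is the part worth keeping around: when a helper asks for "both logs", a header count that does not match the listed items is the quickest way to spot a log that was pasted incompletely.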
 
Sorry for the double post. I need to ask: is there any way to prevent this again? I think the cause of the malware is that I visited a basketball website, as I tried it twice and learned my lesson. I have Avast and NOD32 as my antivirus, but both seem unable to block this attack.
 
You can't have two antivirus programs installed at the same time; you must uninstall either Avast or ESET. After you uninstall one of the programs, please download and run the program below. You must disable the real-time scanning of your antivirus program before running it. Download ComboFix to your desktop and run it from there.

The damage from these new malware infections is becoming a real pain to clean up.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Alright

Thanks. Alright, I removed NOD32 and use Avast as the antivirus. Do you think I made the better choice?

Here are the logs. Thanks.

The ComboFix log

ComboFix 11-06-11.01 - User 06/12/2011 22:58:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2383 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-12 14:56 . 2011-06-12 14:56 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-10 09:04 . 2011-06-10 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-06-10 08:56 . 2011-06-10 08:56 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-10 08:56 . 2011-06-10 08:56 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2011-06-10 08:49 . 2011-06-10 08:49 -------- d-----w- c:\program files\USB TV
2011-06-10 08:42 . 2011-06-10 08:42 -------- d-----w- c:\program files\AMD APP
2011-06-10 08:41 . 2011-06-10 08:41 -------- d-----w- c:\program files\ATI Technologies
2011-06-10 08:41 . 2011-06-10 08:41 -------- d-----w- c:\program files\ATI
2011-06-10 08:40 . 2011-06-10 08:40 -------- d-----w- C:\ATI
2011-06-10 07:20 . 2009-09-04 09:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-10 07:20 . 2009-09-04 09:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-06-10 07:20 . 2009-09-04 09:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-06-07 07:17 . 2011-06-07 07:17 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-07 05:51 . 2011-06-07 05:52 -------- d-----w- c:\documents and settings\User\keel
2011-06-07 05:24 . 2011-06-07 05:24 -------- d-----w- c:\documents and settings\User\oni
2011-06-05 07:41 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-06-05 05:47 . 2010-07-27 08:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-06-05 05:47 . 2010-03-24 08:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-06-05 05:47 . 2010-03-24 08:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-06-05 05:47 . 2011-06-07 07:10 -------- d-----w- c:\program files\REACTOR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 01:11 . 2011-03-16 11:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:11 . 2011-03-16 11:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 06:09 . 2007-12-04 17:41 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2007-12-04 17:41 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2007-12-04 17:41 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2007-12-04 17:41 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-04-19 14:10 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2007-12-04 17:41 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2007-12-04 17:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2007-12-04 17:41 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2007-12-04 17:41 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2007-12-04 17:41 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-10 12:10 . 2011-03-16 13:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-16 13:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-16 13:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-16 13:10 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-16 13:10 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-03-16 13:10 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-03-16 13:10 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-03-16 13:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-16 13:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-03-16 13:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-19 14:10 . 2011-04-19 14:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 14:10 . 2011-04-19 14:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-11 12:56 . 2011-03-29 06:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-08 08:53 . 2011-05-08 08:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1AB9333EC47BC064050A2BF554AE5A95 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Messenger_Plus_Live\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-27 400760]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-11-22 2836656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2006-02-28 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2011-02-23 22016]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [N/A]
ImationFlashDetect.lnk - c:\documents and settings\User\Local Settings\Temp\Imation\ImationFlashDetect.exe [N/A]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-6-10 81997]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-6 303104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\User\\Desktop\\yvd9prefinal\\Utilities\\Basic IRC.exe"=
"c:\\Documents and Settings\\User\\Desktop\\yvd9prefinal\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Utilities\\Basic IRC.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\FreeStyle\\FreeStyle.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\2k11\\nba2k11.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=
"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
"d:\\Gunz\\Gunz.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25477:TCP"= 25477:TCP:BitComet 25477 TCP
"25477:UDP"= 25477:UDP:BitComet 25477 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2010 8:25 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/16/2011 9:10 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/16/2011 9:10 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/16/2011 9:10 PM 19544]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/10/2011 5:04 PM 2214504]
R2 U3SDR200;U3SDR200;c:\windows\system32\drivers\U3SDR200.SYS [3/17/2010 11:35 AM 4224]
S0 wrrpowly;wrrpowly;c:\windows\system32\drivers\jikju.sys --> c:\windows\system32\drivers\jikju.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:28 PM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\TLZC0.tmp --> c:\docume~1\User\LOCALS~1\Temp\TLZC0.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/2/2008 10:24 AM 10976]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:28 PM 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/9/2010 1:43 PM 137344]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [6/21/2008 8:26 AM 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [6/21/2008 8:26 AM 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [6/21/2008 8:26 AM 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [6/21/2008 8:27 AM 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [6/21/2008 8:26 AM 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [6/21/2008 8:27 AM 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [6/21/2008 8:27 AM 97704]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:28]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:28]
.
2011-01-07 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-12-31 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2fm83v0x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=36D583F4-CA0B-42DB-9073-728A0E93A57A&apn_ptnrs=PV&apn_sauid=49F55832-A66F-43C1-8834-64FDE0823A39&apn_dtid=YYYYYYYYSG&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{CC14DD9B-8599-EF19-7AB7-10CF9A32ED8A} - c:\program files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
HKCU-Run-Dog Bat - c:\docume~1\User\APPLIC~1\GRAMLI~1\deletelockssend.exe
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
HKLM-Run-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
AddRemove-C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-SopCast - c:\program files\SopCast\uninst.exe
AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe
AddRemove-{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A} - c:\program files\MetaTrader 4\Uninstall.exe
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - c:\program files\Eset\unins000.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 23:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\TLZC0.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-06-12 23:14:55
ComboFix-quarantined-files.txt 2011-06-12 15:14
.
Pre-Run: 3,548,626,944 bytes free
Post-Run: 6,119,878,656 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B81AA268C341DFC7FE9F507CFE1DE7EC



A fresh HiJackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:01 PM, on 6/12/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTA2ODE5ODIxLVZPUCszLVQxLVVDQUxMKzEtQkFSOEcrMS1VQ0FMTDIrMi1UQjgrMi1GTCs4LVFJWDErNC1WSVAxMCsxLVgyMDEwKzI"&"prod=90"&"ver=10.0.1204
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: ImationFlashDetect.lnk = C:\Documents and Settings\User\Local Settings\Temp\Imation\ImationFlashDetect.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Parking Dash\Images\stg_drm.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Nanny Mania\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10654 bytes


An update on how your computer is running:
It's doing fine, but I am unsure whether the nod32 is completely removed. I guess it is, considering I don't see any nod32 stuff in the processes anymore.

And thanks a lot.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below

Code:
File::
c:\windows\system32\ijjiSetup.exe
c:\windows\system32\ijjiProcessRestarter.exe

Driver::
wrrpowly
GarenaPEngine
GGSAFERDriver
npggsvc

Firefox::
FF - prefs.js: browser.search.selectedEngine - Ask.com
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

[screenshot: CFScript-1.gif, dragging CFScript.txt onto ComboFix.exe]

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Done what you asked.


ComboFix 11-06-11.01 - User 06/13/2011 1:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2471 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\ijjiProcessRestarter.exe"
"c:\windows\system32\ijjiSetup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ijjiProcessRestarter.exe
c:\windows\system32\ijjiSetup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GARENAPENGINE
-------\Legacy_GGSAFERDRIVER
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver
-------\Service_npggsvc
-------\Service_wrrpowly
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-12 14:56 . 2011-06-12 14:56 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-12 14:35 . 2011-06-12 14:35 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-06-12 14:35 . 2011-06-12 14:35 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2011-06-10 09:04 . 2011-06-10 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-06-10 08:56 . 2011-06-10 08:56 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-10 08:56 . 2011-06-10 08:56 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2011-06-10 08:49 . 2011-06-10 08:49 -------- d-----w- c:\program files\USB TV
2011-06-10 08:42 . 2011-06-10 08:42 -------- d-----w- c:\program files\AMD APP
2011-06-10 08:41 . 2011-06-10 08:41 -------- d-----w- c:\program files\ATI Technologies
2011-06-10 08:41 . 2011-06-10 08:41 -------- d-----w- c:\program files\ATI
2011-06-10 08:40 . 2011-06-10 08:40 -------- d-----w- C:\ATI
2011-06-10 07:20 . 2009-09-04 09:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-10 07:20 . 2009-09-04 09:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-06-10 07:20 . 2009-09-04 09:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-10 07:20 . 2009-09-04 09:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-06-07 07:17 . 2011-06-07 07:17 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-07 05:51 . 2011-06-07 05:52 -------- d-----w- c:\documents and settings\User\keel
2011-06-07 05:24 . 2011-06-07 05:24 -------- d-----w- c:\documents and settings\User\oni
2011-06-05 07:41 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-06-05 05:47 . 2010-07-27 08:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-06-05 05:47 . 2011-06-07 07:10 -------- d-----w- c:\program files\REACTOR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 01:11 . 2011-03-16 11:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:11 . 2011-03-16 11:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 06:09 . 2007-12-04 17:41 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2007-12-04 17:41 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2007-12-04 17:41 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2007-12-04 17:41 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-04-19 14:10 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2007-12-04 17:41 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2007-12-04 17:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2007-12-04 17:41 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2007-12-04 17:41 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2007-12-04 17:41 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-10 12:10 . 2011-03-16 13:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-16 13:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-16 13:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-16 13:10 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-16 13:10 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-03-16 13:10 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-03-16 13:10 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-03-16 13:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-16 13:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-03-16 13:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-19 14:10 . 2011-04-19 14:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 14:10 . 2011-04-19 14:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-11 12:56 . 2011-03-29 06:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-08 08:53 . 2011-05-08 08:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1AB9333EC47BC064050A2BF554AE5A95 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-06-12_15.10.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-12 17:51 . 2011-06-12 17:51 16384 c:\windows\Temp\Perflib_Perfdata_414.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Messenger_Plus_Live\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-27 400760]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-11-22 2836656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2006-02-28 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [N/A]
ImationFlashDetect.lnk - c:\documents and settings\User\Local Settings\Temp\Imation\ImationFlashDetect.exe [N/A]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-6-10 81997]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-6 303104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\User\\Desktop\\yvd9prefinal\\Utilities\\Basic IRC.exe"=
"c:\\Documents and Settings\\User\\Desktop\\yvd9prefinal\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Utilities\\Basic IRC.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\FreeStyle\\FreeStyle.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\2k11\\nba2k11.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=
"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
"d:\\Gunz\\Gunz.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25477:TCP"= 25477:TCP:BitComet 25477 TCP
"25477:UDP"= 25477:UDP:BitComet 25477 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2010 8:25 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/16/2011 9:10 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/16/2011 9:10 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/16/2011 9:10 PM 19544]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/10/2011 5:04 PM 2214504]
R2 U3SDR200;U3SDR200;c:\windows\system32\drivers\U3SDR200.SYS [3/17/2010 11:35 AM 4224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:28 PM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/2/2008 10:24 AM 10976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:28 PM 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/9/2010 1:43 PM 137344]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [6/21/2008 8:26 AM 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [6/21/2008 8:26 AM 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [6/21/2008 8:26 AM 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [6/21/2008 8:27 AM 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [6/21/2008 8:26 AM 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [6/21/2008 8:27 AM 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [6/21/2008 8:27 AM 97704]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:28]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:28]
.
2011-01-07 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-12-31 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2fm83v0x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=36D583F4-CA0B-42DB-9073-728A0E93A57A&apn_ptnrs=PV&apn_sauid=49F55832-A66F-43C1-8834-64FDE0823A39&apn_dtid=YYYYYYYYSG&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 01:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-06-13 01:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-12 17:56
ComboFix2.txt 2011-06-12 15:14
.
Pre-Run: 6,116,200,448 bytes free
Post-Run: 5,952,499,712 bytes free
.
- - End Of File - - 73A2722F33AED6CD845CF4A2A85BDCAA
 
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but DO NOT reboot the system; then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
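A first pass over a HijackThis log, before ticking anything to fix, mostly comes down to a few mechanical questions: does the registered file still exist, does the autostart target live somewhere odd (a Temp folder, an unresolved shortcut), or is it a known program in its normal place. The Python script below is an added example, not part of this thread and not a HijackThis feature, that applies those heuristics to the log's `R`/`O` lines. The sample lines are copied from the log posted earlier in the thread; the FIX/REVIEW/KEEP labels and the list of "trusted" install roots are this example's own assumptions, and a REVIEW verdict only means "look at it", exactly as the advice above says not to fix anything yet.

```python
"""Triage a HijackThis log before deciding what to fix.

Heuristics (this example's own assumptions, not HijackThis rules):
  FIX    - an O2/O3/R3 entry whose target is "(no file)", or an O23 service
           marked "(file missing)": the registration outlived its file.
  REVIEW - an O4 autostart that runs from a Temp directory, that could not be
           resolved ("?"), that is a bare filename found via the search path,
           or that lives outside Program Files / WINDOWS.
  KEEP   - everything else, harmless or essential until proven otherwise.
"""
import re

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
TEMP_RE = re.compile(r"\\(local settings\\)?temp\\", re.IGNORECASE)
# Roots considered normal for an autostart target (assumption for this example).
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows", "%systemroot%")

# Sample lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Startup: ImationFlashDetect.lnk = C:\Documents and Settings\User\Local Settings\Temp\Imation\ImationFlashDetect.exe
O4 - Global Startup: BDARemote.lnk = ?
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""


def extract_path(entry_type, body):
    """Pull the file path out of an entry body; None when there is none."""
    if entry_type == "O4":
        # Registry Run entries: [Name] "quoted path" args  or  [Name] bare.exe args
        m = re.search(r'\] (?:"([^"]+)"|(\S+))', body)
        if m:
            return m.group(1) or m.group(2)
        # Startup-folder entries: something.lnk = target
        m = re.search(r"\.lnk = (.+)$", body)
        return m.group(1).strip() if m else None
    # O2/O3/O23/R3: the path is the last " - " separated field
    return body.rsplit(" - ", 1)[-1].strip()


def triage(line):
    """Return (entry_type, verdict, reason), or None for a non-entry line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    etype, body = m.group("type"), m.group("body")
    if any(marker in body for marker in ORPHAN_MARKERS):
        return etype, "FIX", "registration points at a file that no longer exists"
    path = extract_path(etype, body)
    if etype == "O4":
        if path in (None, "?"):
            return etype, "REVIEW", "autostart target could not be resolved"
        if "\\" not in path:
            return etype, "REVIEW", "bare filename, resolved via the search path"
        if TEMP_RE.search(path):
            return etype, "REVIEW", "autostart runs from a Temp directory"
        if not path.lower().startswith(TRUSTED_ROOTS):
            return etype, "REVIEW", "autostart outside Program Files / WINDOWS"
    return etype, "KEEP", "target present in a normal location"


def triage_log(text):
    """Run triage() over every line; returns [(type, verdict, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        result = triage(line)
        if result:
            findings.append((*result, line.strip()))
    return findings


def verdict_counts(findings):
    """Tally verdicts so the reader sees how much of the log actually needs action."""
    counts = {"FIX": 0, "REVIEW": 0, "KEEP": 0}
    for _, verdict, _, _ in findings:
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for etype, verdict, reason, line in results:
        print(f"{verdict:6} {etype:4} {reason}\n       {line}")
    print(verdict_counts(results))
```

Run it on a saved log with `python triage_hjt.py` after swapping `SAMPLE_LOG` for the file contents. The FIX bucket is the safe one (an entry with no file behind it does nothing but clutter), while REVIEW is where the judgement calls live: `RTHDCPL.EXE` is a bare filename that ComboFix later resolves to `c:\windows\RTHDCPL.EXE`, and the Imation shortcut runs from `Local Settings\Temp`, which is unusual for something legitimate but not proof of anything.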

I know I have a virus. I just don't know how to get rid of it. Right now I have to use another computer to post this because I can't even use my laptop, which has become infected.

I need help please!

I just started an online business as a stay at home mom and I need access to the internet and my computer for my business!

I will warn you. I don't know much about computer stuff, so if someone can help me I will need baby steps through the process :) And since I can't even use the computer that is infected, I will need to know how to go about getting rid of the virus even if it won't access the internet.

Thank you SOOOOOO much! I need this for my business!!!

Johnb35 -

I didn't see where you addressed "sweetbutterfly's" questions about getting rid of the virus if you can't even access the internet from the infected computer. I have a computer that was just infected and I happened upon this thread, and I can't access the internet to download all the files that are being suggested. Please help.
 
topcatin,

It looks like combofix got everything. How's the pc running now?

John, I had posted this earlier. Thanks for your help in clearing the virus. The PC runs fine but my apps are not visible when I go to "All Programs". For example: if I click on "Start"->Programs->Microsoft Office->Microsoft Word, it shows Empty (instead of showing MS Word, Excel).
Another thing is when I go to "Control Panel" and "Administrator" tools, the folder is empty.
I don't know if this matters, but yesterday, after running the malware program, someone mentioned in this thread to go to the properties of your folder and uncheck the hidden. I tried this on the "Administrator" and "All Users" folder, and then I ran the unhide.exe.
Does this matter?
My computer runs fine but these apps are still missing. I ran avast full scan and it found 3 infections which it placed in the "chest" with no issues.

please advise..
Thanks.
 
I swear I replied to you but maybe not.

This should restore your Administrative Tools programs to the Start Menu. Download and save this to your Desktop:

Restore Admin Tools Program Files Menu with admintools.zip for XP
Extract (unzip) the tool, double-click on it to run, and click on Restore Administrative Tools Items.

If you still have the Office CD, just do a repair install of Office and it should fix the shortcuts. Or you can manually add the shortcuts back.
 
Johnb35 -

I didn't see where you addressed "sweetbutterfly"'s question about getting rid of the virus if you can't even access the internet from the infected computer. I have a computer that was just infected, and I happened upon this thread, but I can't access the internet to download all the files that you are suggesting. Please help.

If you can't access the internet to download the tools, then you must use a USB flash drive: download them on a computer that has internet access, transfer them to the flash drive, then put them on the infected computer and run them there.
 
Oh sorry, forgot all about it.

Rerun HijackThis and place checks next to the following entries.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtN ElKTUg"&"inst=NzctNTA2ODE5ODIxLVZPUCszLVQxLVVDQUxM KzEtQkFSOEcrMS1VQ0FMTDIrMi1UQjgrMi1GTCs4LVFJWDErNC 1WSVAxMCsxLVgyMDEwKzI"&"prod=90"&"ver=10.0.1204
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Then click on Fix checked.

Also, you have P2P software installed: BitTorrent and LimeWire. I highly suggest you uninstall it, as this could be the reason you were infected. Most files downloaded by P2P programs contain malware.

Please navigate to c:\qoobox and in that folder will be a file named "add-remove programs.txt". Please open that log and copy and paste the contents back here.

If you have any non-genuine (illegal/pirated) software installed, please uninstall it before posting the log.
 
Unable to log on to internet to make correction

I have the problem described in this thread. But I am unable to sign on to the internet to download malware. I am currently using another PC to try and correct this problem. I have no computer experience. Help!!!
The problem is: The system has detected a problem with one or more installed IDE/SATA...

I am also getting this error: Read time to hard drive clusters less than 500 ms..

This error also: Bad sectors on hard drive or damaged file allocation table...

Another error is displayed: Boot sector of the hard drive is damaged...

Again another problem displayed is: Hard drive doesn't respond to system commands...
 
Your best bet would be to download the following file to a USB flash drive, then boot the infected PC into Safe Mode and run it.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

After running this you should be able to work in regular mode and then do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but DO NOT reboot the system; then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
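On the helper's side of this exchange, the first thing worth reading in a posted ComboFix log is the "Reg Loading Points" section and the "ORPHANS REMOVED" list, because this family of rogue persists through a Run value pointing at a random-named .exe in a user-writable folder such as c:\programdata. The script below is an added example written for this page; it is not part of ComboFix, HijackThis, or anything johnb35 posted. It parses those sections and flags autorun entries that start from a user-writable location or carry a machine-generated name. The log excerpt inside it is constructed in ComboFix's output format (dates and sizes are made up), and the heuristics and the 0.15 vowel threshold are my own choices, so a hit means "review this", not "this is malware".

```python
"""Triage the autorun entries in a ComboFix log (hypothetical helper script).

Assumes the line formats shown in SAMPLE_LOG, which follow the ComboFix
output quoted in this thread. Flags entries launched from user-writable
locations or with random-looking names; a hit is a review item, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "name"="command" [date size]          value under a [HKEY_...\Run] section
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# Wow6432Node-HKCU-Run-name - command   line in the ORPHANS REMOVED section
ORPHAN = re.compile(r'^(?P<key>(?:Wow6432Node-)?HK(?:LM|CU)-Run)-(?P<name>\S+) - (?P<cmd>.+)$')
# Only values under ...\Run or ...\RunOnce are autoruns; other sections use the same quoting.
IS_RUN_KEY = re.compile(r'\\Run(?:Once)?$', re.IGNORECASE)
# First executable path in a command line; arguments may follow after whitespace.
EXE_PATH = re.compile(r'^(?P<path>.+?\.(?:exe|scr|com|bat|cmd|dll|cfxxe))(?:\s|$)', re.IGNORECASE)

# Places an unprivileged user, and so malware running as that user, can write to.
USER_WRITABLE = [
    re.compile(r'^[a-z]:\\programdata\\', re.IGNORECASE),
    re.compile(r'\\appdata\\', re.IGNORECASE),
    re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE),
    re.compile(r'temporary internet files', re.IGNORECASE),
    re.compile(r'^[a-z]:\\[^\\]+$', re.IGNORECASE),   # file sitting at the drive root
]

@dataclass
class Finding:
    source: str                     # registry key, or orphan key label, the entry came from
    name: str                       # value name
    path: str                       # executable the entry launches
    reasons: List[str] = field(default_factory=list)

def looks_generated(name: str) -> bool:
    """8+ chars and either all digits or almost no vowels (0.15 is an arbitrary cut-off)."""
    if len(name) < 8:               # short legitimate names like hkcmd or WLTRAY stay exempt
        return False
    if name.isdigit():
        return True
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(letters) < 0.15

def exe_from_command(cmd: str) -> Optional[str]:
    """Executable path from a Run command line, or None for '(no file)' and the like."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]   # quoted path: keep up to the closing quote
    m = EXE_PATH.match(cmd)
    return m.group("path") if m else None

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]    # section header such as [HKEY_...\Run]
            continue
        m = RUN_VALUE.match(line)
        if m and not IS_RUN_KEY.search(current_key):
            continue                    # quoted value under a non-autorun key
        if not m:
            m = ORPHAN.match(line)
        if not m:
            continue
        source = m.groupdict().get("key") or current_key
        path = exe_from_command(m.group("cmd"))
        if path is None:
            continue                    # nothing to launch, nothing to triage
        reasons = []
        if any(p.search(path) for p in USER_WRITABLE):
            reasons.append("starts from a user-writable location")
        base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_generated(m.group("name")) or looks_generated(base):
            reasons.append("random-looking name")
        if reasons:
            findings.append(Finding(source, m.group("name"), path, reasons))
    return findings

# Constructed excerpt in ComboFix's format (dates and sizes made up); the rogue entry
# mirrors the orphan "Wow6432Node-HKCU-Run-FcfOwmsgtCRNpxt" removed in a log in this thread.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-21 39408]
"FcfOwmsgtCRNpxt"="c:\programdata\FcfOwmsgtCRNpxt.exe" [2011-06-12 51712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-05-11 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-FcfOwmsgtCRNpxt - c:\programdata\FcfOwmsgtCRNpxt.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source}\\{f.name} -> {f.path}: {'; '.join(f.reasons)}")
```

Run it as-is to see the two hits from the sample, or call `triage(open(path).read())` on a real log. Both hits are the same binary, once from a live HKCU Run value and once from ComboFix's orphan cleanup, while every entry under Program Files passes; keying on location first and name second is what keeps vendor autoruns with odd names from drowning out the one line that matters.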
 
Hi John, my post was on page 5, and here is what you asked for. Thanks,
Mark
ComboFix 11-06-10.08 - User 06/10/2011 14:08:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.707 [GMT -6:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\drivers\hwinterface.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 17:39 . 2011-06-10 17:39 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-06-10 17:39 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 17:39 . 2011-06-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-10 17:38 . 2011-06-10 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 17:38 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 15:02 . 2011-06-10 15:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-08 19:00 . 2011-06-08 19:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-06-08 17:11 . 2011-06-08 17:11 -------- d-----w- c:\documents and settings\User\Application Data\AVG10
2011-06-08 17:11 . 2011-06-08 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-08 17:10 . 2011-06-10 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-08 17:09 . 2011-06-08 17:09 -------- d-----w- c:\program files\AVG
2011-06-08 16:52 . 2011-06-10 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-19 21:31 . 2008-04-14 07:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-05-19 21:31 . 2008-04-14 07:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-06-08 19:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-19 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2009-12-25 206216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngserver.exe"=
"c:\\Program Files\\Symantec\\Ghost\\GhostSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 6:00 AM 14336]
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [4/28/2011 9:18 AM 14208]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.Sys [4/28/2011 9:18 AM 48256]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [4/28/2011 9:18 AM 48512]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [4/28/2011 9:18 AM 37504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/10/2011 11:39 AM 39984]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [3/5/2011 1:36 AM 14592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 66.180.96.12
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\mls6hpax.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-EloTouchscreen - c:\program files\elotouchsystems\EloSetup
AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\EloSrvce.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\EloDkMon.exe
c:\windows\system32\EloTTray.exe
c:\program files\Symantec\Ghost\ngserver.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Symantec\Ghost\bin\dbserv.exe
c:\program files\Symantec\Ghost\bin\rteng9.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-06-10 14:14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 20:14
.
Pre-Run: 55,723,675,648 bytes free
Post-Run: 56,438,157,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 99CDDDA33F87142E70E320D45A5906C7
 
Thank you for your help. My computer is back up. I have to redo some of my personal updates, but most of all, the instructions you gave me were a blessing!!!
I did the HiJack, but I received a popup that stated something was not allowing HiJack to access the Host. It gave instructions on how to manually do the scan. I did not do this because I was not comfortable with manually doing the HiJack request. I am submitting the other logs you requested. Again, thanks.
ComboFix log

ComboFix 11-06-12.04 - SMBarron 06/13/2011 10:17:07.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1932 [GMT -5:00]
Running from: e:\stephanie\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\51632000.exe
c:\programdata\FcfOwmsgtCRNpxt.exe
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{238282EE-06AB-4073-A67C-C8A582F7EE5D}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F9F32A6-943F-4125-81B2-1AE089F7AE43}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4F2C8C4B-CC46-443B-BE2E-0958CD914FEE}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56BEBAAD-4FE7-4118-9DFA-88ADB63B84F2}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{87340114-5D86-4D3F-AB81-4ED5C0526CAD}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5B3ECE7-A7C2-41D3-9DC3-BCAF4B272865}.xps
c:\users\SMBarron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D38F5074-14A3-40D2-89BC-21322A2FF7E0}.xps
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 15:25 . 2011-06-13 15:25 0 ---ha-w- c:\users\SMBarron\AppData\Local\BIT85D3.tmp
2011-06-13 15:13 . 2011-06-13 15:14 -------- d-----w- C:\32788R22FWJFW
2011-06-13 04:44 . 2011-06-13 04:44 -------- d-----w- c:\windows\system32\SPReview
2011-06-13 04:42 . 2011-06-13 04:42 -------- d-----w- c:\windows\system32\EventProviders
2011-06-10 22:58 . 2011-05-09 22:00 8718160 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE791411-DC34-4D56-A3AB-D712DD1F4731}\mpengine.dll
2011-06-10 00:06 . 2011-06-10 00:06 -------- d--h--w- c:\users\SMBarron\AppData\Roaming\webex
2011-06-10 00:05 . 2011-06-10 00:06 -------- d--h--w- c:\programdata\WebEx
2011-05-26 15:58 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 03:55 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 03:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 11:32 . 2010-05-21 02:43 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-12 11:32 . 2010-05-28 06:47 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-12 11:32 . 2010-05-21 02:41 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-07 14:50 . 2010-05-28 06:47 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-07 14:50 . 2010-05-21 02:43 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-07 14:49 . 2010-05-28 06:46 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-06-04 13:43 . 2010-05-31 15:40 539968 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 06:45 . 2011-05-12 03:15 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-12 03:15 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-12 03:15 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-29 03:32 . 2011-05-12 03:15 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:32 . 2011-05-12 03:15 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:32 . 2011-05-12 03:15 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:32 . 2011-05-12 03:15 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:32 . 2011-05-12 03:15 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:32 . 2011-05-12 03:15 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:32 . 2011-05-12 03:15 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-27 19:18 . 2011-03-27 19:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-27 19:18 . 2011-03-27 19:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-27 19:18 . 2011-03-27 19:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-27 19:18 . 2011-03-27 19:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-27 19:18 . 2011-03-27 19:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-27 19:18 . 2011-03-27 19:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-27 19:18 . 2011-03-27 19:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-27 19:18 . 2011-03-27 19:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-27 19:18 . 2011-03-27 19:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-27 19:18 . 2011-03-27 19:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-27 19:18 . 2011-03-27 19:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-27 19:18 . 2011-03-27 19:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-27 19:18 . 2011-03-27 19:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-27 19:18 . 2011-03-27 19:18 448512 ----a-w- c:\windows\system32\html.iec
2011-03-27 19:18 . 2011-03-27 19:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-27 19:18 . 2011-03-27 19:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-27 19:18 . 2011-03-27 19:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-27 19:18 . 2011-03-27 19:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-27 19:18 . 2011-03-27 19:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-27 19:18 . 2011-03-27 19:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-27 19:18 . 2011-03-27 19:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-27 19:18 . 2011-03-27 19:18 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-27 19:18 . 2011-03-27 19:18 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-27 19:18 . 2011-03-27 19:18 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-27 19:18 . 2011-03-27 19:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-27 19:18 . 2011-03-27 19:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-27 19:18 . 2011-03-27 19:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-27 19:18 . 2011-03-27 19:18 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-27 19:18 . 2011-03-27 19:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-27 19:18 . 2011-03-27 19:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-27 19:18 . 2011-03-27 19:18 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-27 19:18 . 2011-03-27 19:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-27 19:18 . 2011-03-27 19:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-27 19:18 . 2011-03-27 19:18 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-27 19:18 . 2011-03-27 19:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-27 19:18 . 2011-03-27 19:18 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-27 19:18 . 2011-03-27 19:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-27 19:18 . 2011-03-27 19:18 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-27 19:18 . 2011-03-27 19:18 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-27 19:18 . 2011-03-27 19:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-27 19:18 . 2011-03-27 19:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-27 19:18 . 2011-03-27 19:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"FaxMonitor"="c:\program files (x86)\IPFax\FaxMonitor.exe" [2009-06-08 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-05-11 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-12-02 165104]
.
c:\users\SMBarron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files (x86)\Sandisk\Common\Bin\WinCinemaMgr.exe [2011-3-28 303104]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 21:31 140552 ---ha-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 149544]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 148008]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 205352]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 15:49]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 15:49]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723741184-3176970583-2435770781-1000Core.job
- c:\users\SMBarron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 15:49]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723741184-3176970583-2435770781-1000UA.job
- c:\users\SMBarron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 15:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF29905.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Spell Check Options... - c:\program files (x86)\ucietb\Speller.dll/RUNOPTIONS.HTM
IE: Spell Check this page... - c:\program files (x86)\ucietb\Speller.dll/RUNSPELLER.HTM
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-FcfOwmsgtCRNpxt - c:\programdata\FcfOwmsgtCRNpxt.exe
Wow6432Node-HKLM-Run-fsi - c:\program files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-06-13 10:35:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-13 15:35
.
Pre-Run: 196,179,357,696 bytes free
Post-Run: 195,755,737,088 bytes free
.
- - End Of File - - 8A3E1C0B3F2DD495E6724A9C11E20373
 