Webhp Google redirects

mike1414

Hey guys. I have another problem I hope you all can help me with. I had a bad infection on my laptop before that johnb35 was a great help with.

I think I have a rootkit infection that inserts itself into Google Chrome and redirects the page to google.com/webhp (and some other text) before I can finish typing in a search. I'm running XP Pro and also cannot boot to safe mode. When I hit F8, I get a brief flash of the screen that shows the Windows/Recovery Console option, then Windows loads normally.

I recently did a fresh install of Windows on a newly wiped drive and got a new (refurbished) motherboard, new processor, and new graphics card. I could just reformat and reinstall everything, but I'd rather not if I can help it.

Also, I suppose I should mention that I foolishly tried to run combofix myself without guidance. I ran it a few times, but I still have the problem. One of the times I ran it, I accidentally ran it from the c drive instead of the desktop. I have gmer and dds logs that were run today as well (if needed). I have run an updated MBAM and it shows nothing is infected.

Please help!
 
Hi Mike,

I still need to see the Malwarebytes log and a HijackThis log. I need to make sure you are running the latest database version of Malwarebytes.

So post the Malwarebytes log and then the HijackThis log.
 
Hey John! Well, here are the logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:49 AM, on 7/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\program files\mediamonkey\mediamonkey.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 4713 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4338

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/22/2010 9:50:45 AM
mbam-log-2010-07-22 (09-50-45).txt

Scan type: Quick scan
Objects scanned: 121741
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Well, I deleted the combofix logs. Should I try to run it again?

Here's the gmer log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-21 17:14:01
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pwtyqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB49B8CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB49B8B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB49B9142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB49B906C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB49B8764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB49B8C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB49B86A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB49B8708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB49B8D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB49B9210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB49B8D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB49B8EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB49C5B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB49C59C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB49C5AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8057832A 7 Bytes JMP B49C5AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F23E 7 Bytes JMP B49C59C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B073A 5 Bytes JMP B49C15B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7428 5 Bytes JMP B49C2F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5C32 7 Bytes JMP B49C5BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB723D3A0, 0x592C35, 0xE8000020]

---- EOF - GMER 1.0.15 ----
 
Sorry about that. Lesson learned. I had just wanted a quick fix, but now I realize the best course of action is to be patient and walk through the steps.

Okay, so I ran the new Combofix. Is it normal for Combofix to place an "Internet Explorer" icon on your desktop? I think it did it the other times I ran it too.

here's the log:


ComboFix 10-07-22.06 - Mike 07/23/2010 7:11.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2415.1813 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\Sun
2010-07-21 11:51 . 2010-07-21 11:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-21 07:59 . 2010-07-21 07:59 -------- d-----w- c:\program files\Xvid
2010-07-21 07:59 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-21 07:59 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-21 01:43 . 2010-07-21 01:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 01:43 . 2010-07-21 01:43 503808 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcp71.dll
2010-07-21 01:43 . 2010-07-21 01:43 499712 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\jmc.dll
2010-07-21 01:43 . 2010-07-21 01:43 348160 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcr71.dll
2010-07-21 01:43 . 2010-07-21 01:43 61440 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-sse.dll
2010-07-21 01:43 . 2010-07-21 01:43 12800 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-d3d.dll
2010-07-21 01:43 . 2010-07-21 01:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 01:42 . 2010-07-21 01:42 -------- d-----w- c:\program files\Java
2010-07-19 16:33 . 2010-07-19 16:34 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2010-07-19 10:52 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-07-19 10:52 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-07-19 10:47 . 2010-07-19 10:47 -------- d-----w- c:\program files\Bonjour
2010-07-19 10:44 . 2010-07-19 10:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 10:19 . 2010-07-19 11:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 09:52 . 2010-07-19 16:14 7520 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-19 09:52 . 2010-07-19 16:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Corel
2010-07-19 09:52 . 2010-07-19 10:01 88 --sh--r- c:\documents and settings\All Users\Application Data\47A4C2FF9F.sys
2010-07-19 09:37 . 2010-07-19 15:11 -------- d-----w- c:\documents and settings\Mike\Application Data\Ulead Systems
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\program files\SmartSound Software
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\windows\system32\windows media
2010-07-19 09:37 . 2010-07-19 09:37 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-19 09:36 . 2010-07-19 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-07-19 09:35 . 2010-07-19 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-07-19 09:32 . 2010-07-19 09:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-07-19 09:31 . 2010-07-19 16:11 -------- d-----w- c:\program files\Common Files\Corel
2010-07-19 09:31 . 2010-07-19 09:31 -------- d-----w- c:\program files\Windows Media Components
2010-07-19 09:30 . 2010-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-07-19 09:30 . 2010-07-19 09:30 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-07-19 09:30 . 2010-07-19 16:10 -------- d-----w- c:\program files\Corel
2010-07-19 09:29 . 2010-07-19 09:29 65440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\MSBuild
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\Reference Assemblies
2010-07-19 09:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-19 09:28 . 2010-07-19 09:28 -------- d-----w- C:\c8a28e6e4e71f87aab
2010-07-19 09:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-19 09:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-19 09:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-19 09:00 . 2010-07-19 09:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\NOS
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\Polynomial
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\program files\Polynomial-free-00m_windows
2010-07-18 14:33 . 2010-07-18 14:33 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-18 12:19 . 2010-07-18 12:19 799 ----a-w- c:\windows\unins000.dat
2010-07-18 12:19 . 2010-07-18 12:19 640957 ----a-w- c:\windows\unins000.exe
2010-07-18 12:19 . 2002-04-06 04:57 237568 ----a-w- c:\windows\Matrix Code Emulator.scr
2010-07-18 12:16 . 2010-07-18 12:16 -------- d-----w- c:\program files\RainCast v2.0
2010-07-18 12:16 . 2004-10-14 02:57 186368 ----a-w- c:\windows\RainCast v2.0.scr
2010-07-18 10:25 . 2010-07-18 10:26 -------- d-----w- c:\documents and settings\Mike\Application Data\acccore
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AOL
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\AOL
2010-07-18 10:11 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-18 10:03 . 2010-07-18 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-18 10:02 . 2010-07-23 02:19 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 10:00 . 2010-07-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-18 07:29 . 2010-07-18 07:29 -------- d-----w- C:\CloneDVDTemp
2010-07-18 03:14 . 2010-07-18 03:14 -------- d-----w- c:\program files\Trend Micro
2010-07-18 03:02 . 2010-07-18 03:02 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Nero
2010-07-18 02:59 . 2010-07-19 16:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Ahead
2010-07-18 02:58 . 2010-07-18 02:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\program files\Nero
2010-07-18 02:54 . 2010-07-18 02:57 -------- d-----w- c:\program files\Common Files\Nero
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Innovative Solutions
2010-07-17 03:08 . 2010-07-17 03:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Auslogics
2010-07-16 20:42 . 2010-07-16 20:42 -------- d-----w- c:\program files\VS Revo Group
2010-07-16 20:33 . 2010-07-16 20:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\eSupport.com
2010-07-16 18:05 . 2010-07-16 18:05 -------- d-----w- c:\program files\Lavalys
2010-07-16 16:24 . 2010-07-16 16:24 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-07-16 16:19 . 2010-07-16 16:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-16 16:19 . 2009-12-03 20:01 2835416 -c--a-w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 15:53 . 2010-07-19 11:05 27192 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 15:53 . 2010-07-16 15:53 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Stardock
2010-07-16 15:52 . 2010-07-16 15:52 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-16 15:01 . 2010-07-16 15:52 -------- d-----w- c:\program files\Stardock
2010-07-16 15:01 . 2007-07-11 22:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-07-16 14:33 . 2010-07-16 14:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Identities
2010-07-16 14:31 . 2010-07-16 14:31 -------- d-----w- c:\program files\Auslogics
2010-07-16 14:16 . 2010-07-16 14:16 -------- d-----w- c:\program files\Elaborate Bytes
2010-07-16 14:14 . 2010-07-16 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-07-16 14:12 . 2010-07-16 14:12 -------- d-----w- c:\program files\SlySoft
2010-07-16 13:43 . 2010-07-16 13:43 -------- d-----w- c:\documents and settings\Mike\Application Data\Foxit Software
2010-07-16 13:42 . 2010-07-16 13:42 -------- d-----w- c:\program files\Foxit Software
2010-07-16 13:28 . 2010-07-22 19:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Last.fm
2010-07-16 13:28 . 2010-07-16 13:28 -------- d-----w- c:\program files\Last.fm
2010-07-16 13:23 . 2010-07-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-23 02:21 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-16 12:40 -------- d-----w- c:\program files\MediaMonkey
2010-07-16 12:25 . 2010-07-16 12:25 -------- d-----w- C:\RCT3
2010-07-16 11:53 . 2010-07-16 11:53 -------- d-----w- c:\program files\uTorrent
2010-07-16 11:53 . 2010-07-23 14:07 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Media Player Classic
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\program files\mplayerc_20100214
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Atari
2010-07-16 10:09 . 2010-07-17 03:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Leadertech
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-16 10:09 . 2002-02-28 01:50 197120 ----a-w- c:\windows\patchw32.dll
2010-07-16 10:06 . 2010-07-16 10:06 -------- d-----w- c:\program files\Atari
2010-07-16 10:00 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-16 09:55 . 2009-11-12 00:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-07-16 09:55 . 2010-07-16 09:55 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-16 09:47 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:57 . 2010-07-16 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 16:29 . 2010-07-19 10:53 -------- d-----w- c:\program files\QuickTime
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\program files\Apple Software Update
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-19 11:44 . 2010-07-19 11:44 -------- d-----w- c:\program files\Unlocker
2010-07-19 11:15 . 2010-07-19 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-19 11:00 . 2010-07-19 11:00 -------- d-----w- c:\program files\Common Files\Control Panels
2010-07-19 10:58 . 2010-07-19 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-16 15:51 . 2010-07-16 08:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 09:26 . 2010-07-16 08:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 09:09 . 2010-07-16 09:08 -------- d-----w- c:\program files\NVIDIA Corporation
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_18.21.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-22 20:36 . 2010-07-22 20:36 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-7-16 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-07-16 15:03 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2010 2:37 AM 17744]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [7/16/2010 1:31 AM 28672]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WUDFPF
*NewlyCreated* - WUDFSVC
.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-12 00:23]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 07:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(944)
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-23 07:17:33
ComboFix-quarantined-files.txt 2010-07-23 14:17
ComboFix2.txt 2010-07-21 19:21
ComboFix3.txt 2010-07-21 19:11
ComboFix4.txt 2010-07-21 18:42
ComboFix5.txt 2010-07-21 19:29

Pre-Run: 136,431,509,504 bytes free
Post-Run: 136,418,840,576 bytes free

- - End Of File - - 5FAE7E671C7A65BDB8AA6A4879DF0E22
 
I thought I'd ask one more thing as well. I run Microsoft IntelliType for my keyboard, and normally the volume control on the keyboard works, but around the time I had this problem, the volume adjustment stopped working and is no longer displayed on the screen. I checked my processes and it says "itype.exe" is running. The play and stop buttons work, just not the volume. Is it possible that an infection could cause that? Or could having run ComboFix cause it?
 
I don't have time right now to post anything as I have to get ready for work, but I do see some entries in the log that need to be removed. I'll post later tonight when I get home.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\windows\unins000.dat
c:\windows\unins000.exe


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.




Please download and run CCleaner

http://www.filehippo.com/download_ccleaner/

Click up top right where it says "Download Latest Version", install the program, set up the options that are checked in the attached image, and then click on Run Cleaner.

Rerun HijackThis and place checks next to the following entries.

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

Then click on fix checked.
 

[Attachment: ccleaner.JPG]
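The two lists in the post above (the HijackThis O4 entries to fix, and the ComboFix "Reg Loading Points" and service lines they came from) are the same data in two formats, and reviewing them by eye is how entries get missed. The parser below is an added example for this thread, not a tool either helper or any of the products mentioned ships: it pulls autostart entries out of both log formats, resolves the executable behind each one (including the DLL argument of a RUNDLL32 line), and attaches review flags. The flags are heuristics, not verdicts: an image under a Temp directory, an image under a user profile (where a user-level infection can write without admin rights, but where Google Update also legitimately lives), an entry ComboFix could not find on disk (the `[?]` marker is read here as "file missing", which is an assumption about ComboFix's notation), and anything in AppInit_DLLs, which Windows loads into every process that loads user32.dll and is therefore worth a look regardless of vendor. The sample lines are copied from the logs posted in this thread; the entry names, flag names and `Autorun` structure are this example's own.

```python
"""Pull autostart entries out of HijackThis and ComboFix log text and attach
review flags to each one.  Added example for the thread; not part of any tool."""
import re
from dataclasses import dataclass, field
from typing import List

# HijackThis:  O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
HJT_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# HijackThis:  O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
HJT_O20 = re.compile(r'^O20 - AppInit_DLLs: (?P<cmd>.+)$')
# ComboFix service:  S3 name;display;c:\path\drv.sys [7/16/2010 2:37 AM 165456]
#   or, when ComboFix could not find the file:  S3 name;display;\??\c:\p --> c:\p [?]
CF_SVC = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?) \[(?P<meta>[^\]]*)\]$')
# ComboFix Run value (REGEDIT4 style):  "Name"="c:\path\prog.exe" [2010-07-16 136176]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)" \[(?P<meta>[^\]]*)\]$')


@dataclass
class Autorun:
    source: str            # which log and which location the entry came from
    name: str              # value name / service name
    image: str             # executable or DLL actually loaded
    flags: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the file a command line really loads: the quoted path, the DLL
    named on a RUNDLL32 line, or the first token.  For ComboFix 'a --> b'
    lines keep the resolved path on the right."""
    cmd = cmd.strip()
    if ' --> ' in cmd:
        cmd = cmd.split(' --> ', 1)[1]
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    head, _, rest = cmd.partition(' ')
    if head.lower() in ('rundll32.exe', 'rundll32') and rest:
        return image_path(rest).split(',', 1)[0]
    return head


def review_flags(image: str, meta: str = '') -> List[str]:
    """Heuristic flags (assumptions about what is worth a second look, not verdicts)."""
    p = image.lower()
    flags = []
    if '\\temp\\' in p:
        flags.append('temp-dir')          # autoruns rarely belong in a Temp folder
    if 'documents and settings' in p or 'docume~1' in p:
        flags.append('user-profile')      # writable without admin rights
    if meta.strip() == '?':
        flags.append('file-missing')      # ComboFix printed [?] instead of date/size
    return flags


def parse_autoruns(text: str) -> List[Autorun]:
    """Recognise HijackThis O4/O20 lines and ComboFix service/Run lines; ignore the rest."""
    out: List[Autorun] = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O4.match(line)
        if m:
            img = image_path(m['cmd'])
            out.append(Autorun('hjt:' + m['hive'] + '\\' + m['key'], m['name'], img, review_flags(img)))
            continue
        m = HJT_O20.match(line)
        if m:
            img = image_path(m['cmd'])
            out.append(Autorun('hjt:AppInit_DLLs', 'AppInit_DLLs', img, ['appinit-dll'] + review_flags(img)))
            continue
        m = CF_SVC.match(line)
        if m:
            img = image_path(m['cmd'])
            out.append(Autorun('cf:service:' + m['start'], m['name'], img, review_flags(img, m['meta'])))
            continue
        m = CF_RUN.match(line)
        if m:
            out.append(Autorun('cf:run', m['name'], m['cmd'], review_flags(m['cmd'], m['meta'])))
    return out


def flagged(entries: List[Autorun]) -> List[Autorun]:
    """Only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"""

if __name__ == '__main__':
    for e in parse_autoruns(SAMPLE_LOG):
        print(f"{e.source:<20} {e.name:<20} {e.image}  [{', '.join(e.flags) or 'no flags'}]")
```

Run against the sample, the flagged set is the Google Update entry (user profile), the AppInit_DLLs entry, and the gUSBSTOi service, which lands in all three file-location categories at once: a driver registered from a user's Temp folder that ComboFix could not find on disk. That is exactly the kind of line to ask a helper about rather than to act on alone, since a flag here means "explain this", not "delete this".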
Okay, I've done the three steps. I downloaded the updated ComboFix and ran it with the Notepad file, then downloaded and ran CCleaner, then ran HijackThis again. When I went to remove the chosen entries in HijackThis, "O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k" was no longer there upon scan. So I'm assuming it was removed by one of the other two things.


***

ComboFix 10-07-23.02 - Mike 07/23/2010 22:55:58.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2415.1863 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\unins000.dat"
"c:\windows\unins000.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\Sun
2010-07-21 11:51 . 2010-07-21 11:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-21 07:59 . 2010-07-21 07:59 -------- d-----w- c:\program files\Xvid
2010-07-21 07:59 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-21 07:59 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-21 01:43 . 2010-07-21 01:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 01:43 . 2010-07-21 01:43 503808 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcp71.dll
2010-07-21 01:43 . 2010-07-21 01:43 499712 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\jmc.dll
2010-07-21 01:43 . 2010-07-21 01:43 348160 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcr71.dll
2010-07-21 01:43 . 2010-07-21 01:43 61440 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-sse.dll
2010-07-21 01:43 . 2010-07-21 01:43 12800 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-d3d.dll
2010-07-21 01:43 . 2010-07-21 01:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 01:42 . 2010-07-21 01:42 -------- d-----w- c:\program files\Java
2010-07-19 16:33 . 2010-07-19 16:34 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2010-07-19 10:52 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-07-19 10:52 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-07-19 10:47 . 2010-07-19 10:47 -------- d-----w- c:\program files\Bonjour
2010-07-19 10:44 . 2010-07-19 10:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 10:19 . 2010-07-19 11:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 09:52 . 2010-07-19 16:14 7520 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-19 09:52 . 2010-07-19 16:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Corel
2010-07-19 09:52 . 2010-07-19 10:01 88 --sh--r- c:\documents and settings\All Users\Application Data\47A4C2FF9F.sys
2010-07-19 09:37 . 2010-07-19 15:11 -------- d-----w- c:\documents and settings\Mike\Application Data\Ulead Systems
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\program files\SmartSound Software
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\windows\system32\windows media
2010-07-19 09:37 . 2010-07-19 09:37 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-19 09:36 . 2010-07-19 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-07-19 09:35 . 2010-07-19 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-07-19 09:32 . 2010-07-19 09:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-07-19 09:31 . 2010-07-19 16:11 -------- d-----w- c:\program files\Common Files\Corel
2010-07-19 09:31 . 2010-07-19 09:31 -------- d-----w- c:\program files\Windows Media Components
2010-07-19 09:30 . 2010-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-07-19 09:30 . 2010-07-19 09:30 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-07-19 09:30 . 2010-07-19 16:10 -------- d-----w- c:\program files\Corel
2010-07-19 09:29 . 2010-07-19 09:29 65440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\MSBuild
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\Reference Assemblies
2010-07-19 09:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-19 09:28 . 2010-07-19 09:28 -------- d-----w- C:\c8a28e6e4e71f87aab
2010-07-19 09:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-19 09:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-19 09:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-19 09:00 . 2010-07-19 09:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\NOS
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\Polynomial
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\program files\Polynomial-free-00m_windows
2010-07-18 14:33 . 2010-07-18 14:33 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-18 12:19 . 2002-04-06 04:57 237568 ----a-w- c:\windows\Matrix Code Emulator.scr
2010-07-18 12:16 . 2010-07-18 12:16 -------- d-----w- c:\program files\RainCast v2.0
2010-07-18 12:16 . 2004-10-14 02:57 186368 ----a-w- c:\windows\RainCast v2.0.scr
2010-07-18 10:25 . 2010-07-18 10:26 -------- d-----w- c:\documents and settings\Mike\Application Data\acccore
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AOL
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\AOL
2010-07-18 10:11 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-18 10:03 . 2010-07-18 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-18 10:02 . 2010-07-23 02:19 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 10:00 . 2010-07-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-18 07:29 . 2010-07-18 07:29 -------- d-----w- C:\CloneDVDTemp
2010-07-18 03:14 . 2010-07-18 03:14 -------- d-----w- c:\program files\Trend Micro
2010-07-18 03:02 . 2010-07-18 03:02 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Nero
2010-07-18 02:59 . 2010-07-19 16:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Ahead
2010-07-18 02:58 . 2010-07-18 02:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\program files\Nero
2010-07-18 02:54 . 2010-07-18 02:57 -------- d-----w- c:\program files\Common Files\Nero
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Innovative Solutions
2010-07-17 03:08 . 2010-07-17 03:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Auslogics
2010-07-16 20:42 . 2010-07-16 20:42 -------- d-----w- c:\program files\VS Revo Group
2010-07-16 20:33 . 2010-07-16 20:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\eSupport.com
2010-07-16 18:05 . 2010-07-16 18:05 -------- d-----w- c:\program files\Lavalys
2010-07-16 16:24 . 2010-07-16 16:24 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-07-16 16:19 . 2010-07-16 16:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-16 16:19 . 2009-12-03 20:01 2835416 -c--a-w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 15:53 . 2010-07-19 11:05 27192 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 15:53 . 2010-07-16 15:53 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Stardock
2010-07-16 15:52 . 2010-07-16 15:52 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-16 15:01 . 2010-07-16 15:52 -------- d-----w- c:\program files\Stardock
2010-07-16 15:01 . 2007-07-11 22:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-07-16 14:33 . 2010-07-16 14:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Identities
2010-07-16 14:31 . 2010-07-16 14:31 -------- d-----w- c:\program files\Auslogics
2010-07-16 14:16 . 2010-07-16 14:16 -------- d-----w- c:\program files\Elaborate Bytes
2010-07-16 14:14 . 2010-07-16 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-07-16 14:12 . 2010-07-16 14:12 -------- d-----w- c:\program files\SlySoft
2010-07-16 13:43 . 2010-07-16 13:43 -------- d-----w- c:\documents and settings\Mike\Application Data\Foxit Software
2010-07-16 13:42 . 2010-07-16 13:42 -------- d-----w- c:\program files\Foxit Software
2010-07-16 13:28 . 2010-07-23 20:12 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Last.fm
2010-07-16 13:28 . 2010-07-16 13:28 -------- d-----w- c:\program files\Last.fm
2010-07-16 13:23 . 2010-07-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-23 20:37 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-16 12:40 -------- d-----w- c:\program files\MediaMonkey
2010-07-16 12:25 . 2010-07-16 12:25 -------- d-----w- C:\RCT3
2010-07-16 11:53 . 2010-07-16 11:53 -------- d-----w- c:\program files\uTorrent
2010-07-16 11:53 . 2010-07-24 05:45 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Media Player Classic
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\program files\mplayerc_20100214
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Atari
2010-07-16 10:09 . 2010-07-17 03:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Leadertech
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-16 10:09 . 2002-02-28 01:50 197120 ----a-w- c:\windows\patchw32.dll
2010-07-16 10:06 . 2010-07-16 10:06 -------- d-----w- c:\program files\Atari
2010-07-16 10:00 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-16 09:55 . 2009-11-12 00:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-07-16 09:55 . 2010-07-16 09:55 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-16 09:47 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-16 09:47 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-07-16 09:47 . 2009-11-12 01:04 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:57 . 2010-07-16 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 16:29 . 2010-07-19 10:53 -------- d-----w- c:\program files\QuickTime
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\program files\Apple Software Update
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-19 11:44 . 2010-07-19 11:44 -------- d-----w- c:\program files\Unlocker
2010-07-19 11:15 . 2010-07-19 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-19 11:00 . 2010-07-19 11:00 -------- d-----w- c:\program files\Common Files\Control Panels
2010-07-19 10:58 . 2010-07-19 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-16 15:51 . 2010-07-16 08:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 09:26 . 2010-07-16 08:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 09:09 . 2010-07-16 09:08 -------- d-----w- c:\program files\NVIDIA Corporation
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_18.21.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 16:41 . 2010-07-23 16:41 16384 c:\windows\Temp\Perflib_Perfdata_394.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-7-16 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-07-16 15:03 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2010 2:37 AM 17744]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [7/16/2010 1:31 AM 28672]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-12 00:23]
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Matrix Code Emulator_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 23:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2010-07-23 23:02:13
ComboFix-quarantined-files.txt 2010-07-24 06:02
ComboFix2.txt 2010-07-23 14:17
ComboFix3.txt 2010-07-21 19:21
ComboFix4.txt 2010-07-21 19:11
ComboFix5.txt 2010-07-24 05:54

Pre-Run: 136,220,151,808 bytes free
Post-Run: 136,206,663,680 bytes free

- - End Of File - - 83378D6BE441CB61A52DC49402457205


*****

I couldn't grab any kind of log from CCleaner, but it said it removed a bunch of the stuff that I requested to remove.

*****

Here's the HijackThis log after the removals:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:04 PM, on 7/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\Screen.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 4255 bytes


*****

I've generally been avoiding using Google. It's still my Chrome homepage, but I navigate away from it right after my browser opens. So please let me know if I should try to use it again.

So does ComboFix put an IE icon on the desktop normally?
 
No, it doesn't. I need you to search for these files.

ComboFix3.txt
ComboFix4.txt

They should be located under the C: drive. Post them.

Please start using the browser to see if you get redirected still.
 
I tried Google and didn't get redirected. But I had tried it before where it stopped for a while then started again. It's sporadic, so I'll keep using it and inform you of any problems.

I didn't know where the ComboFix files were saved in C:, so I did a search and they were in the Qoobox folder.

Here's ComboFix3.txt :

ComboFix 10-07-20.03 - Mike 07/21/2010 12:17:53.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2415.1898 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Cruze.dat"
"c:\windows\Ehefewipezu.bin"
.

((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 11:51 . 2010-07-21 11:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-21 07:59 . 2010-07-21 07:59 -------- d-----w- c:\program files\Xvid
2010-07-21 07:59 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-21 07:59 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-21 01:43 . 2010-07-21 01:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 01:43 . 2010-07-21 01:43 503808 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcp71.dll
2010-07-21 01:43 . 2010-07-21 01:43 499712 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\jmc.dll
2010-07-21 01:43 . 2010-07-21 01:43 348160 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcr71.dll
2010-07-21 01:43 . 2010-07-21 01:43 61440 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-sse.dll
2010-07-21 01:43 . 2010-07-21 01:43 12800 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-d3d.dll
2010-07-21 01:43 . 2010-07-21 01:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 01:42 . 2010-07-21 01:42 -------- d-----w- c:\program files\Java
2010-07-19 16:33 . 2010-07-19 16:34 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2010-07-19 10:52 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-07-19 10:52 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-07-19 10:47 . 2010-07-19 10:47 -------- d-----w- c:\program files\Bonjour
2010-07-19 10:44 . 2010-07-19 10:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 10:19 . 2010-07-19 11:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 09:52 . 2010-07-19 16:14 7520 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-19 09:52 . 2010-07-19 16:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Corel
2010-07-19 09:52 . 2010-07-19 10:01 88 --sh--r- c:\documents and settings\All Users\Application Data\47A4C2FF9F.sys
2010-07-19 09:37 . 2010-07-19 15:11 -------- d-----w- c:\documents and settings\Mike\Application Data\Ulead Systems
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\program files\SmartSound Software
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\windows\system32\windows media
2010-07-19 09:37 . 2010-07-19 09:37 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-19 09:36 . 2010-07-19 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-07-19 09:35 . 2010-07-19 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-07-19 09:32 . 2010-07-19 09:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-07-19 09:31 . 2010-07-19 16:11 -------- d-----w- c:\program files\Common Files\Corel
2010-07-19 09:31 . 2010-07-19 09:31 -------- d-----w- c:\program files\Windows Media Components
2010-07-19 09:30 . 2010-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-07-19 09:30 . 2010-07-19 09:30 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-07-19 09:30 . 2010-07-19 16:10 -------- d-----w- c:\program files\Corel
2010-07-19 09:29 . 2010-07-19 09:29 65440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\MSBuild
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\Reference Assemblies
2010-07-19 09:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-19 09:28 . 2010-07-19 09:28 -------- d-----w- C:\c8a28e6e4e71f87aab
2010-07-19 09:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-19 09:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-19 09:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-19 09:00 . 2010-07-19 09:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\NOS
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\Polynomial
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\program files\Polynomial-free-00m_windows
2010-07-18 14:33 . 2010-07-18 14:33 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-18 12:19 . 2010-07-18 12:19 799 ----a-w- c:\windows\unins000.dat
2010-07-18 12:19 . 2010-07-18 12:19 640957 ----a-w- c:\windows\unins000.exe
2010-07-18 12:19 . 2002-04-06 04:57 237568 ----a-w- c:\windows\Matrix Code Emulator.scr
2010-07-18 12:16 . 2010-07-18 12:16 -------- d-----w- c:\program files\RainCast v2.0
2010-07-18 12:16 . 2004-10-14 02:57 186368 ----a-w- c:\windows\RainCast v2.0.scr
2010-07-18 10:25 . 2010-07-18 10:26 -------- d-----w- c:\documents and settings\Mike\Application Data\acccore
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AOL
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\AOL
2010-07-18 10:11 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-18 10:03 . 2010-07-18 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 10:00 . 2010-07-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-18 07:29 . 2010-07-18 07:29 -------- d-----w- C:\CloneDVDTemp
2010-07-18 03:14 . 2010-07-18 03:14 -------- d-----w- c:\program files\Trend Micro
2010-07-18 03:02 . 2010-07-18 03:02 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Nero
2010-07-18 02:59 . 2010-07-19 16:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Ahead
2010-07-18 02:58 . 2010-07-18 02:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\program files\Nero
2010-07-18 02:54 . 2010-07-18 02:57 -------- d-----w- c:\program files\Common Files\Nero
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Innovative Solutions
2010-07-17 03:08 . 2010-07-17 03:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Auslogics
2010-07-16 20:42 . 2010-07-16 20:42 -------- d-----w- c:\program files\VS Revo Group
2010-07-16 20:33 . 2010-07-16 20:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\eSupport.com
2010-07-16 18:05 . 2010-07-16 18:05 -------- d-----w- c:\program files\Lavalys
2010-07-16 16:24 . 2010-07-16 16:24 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-07-16 16:19 . 2010-07-16 16:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-16 16:19 . 2009-12-03 20:01 2835416 -c--a-w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 15:53 . 2010-07-19 11:05 27192 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 15:53 . 2010-07-16 15:53 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Stardock
2010-07-16 15:52 . 2010-07-16 15:52 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-16 15:01 . 2010-07-16 15:52 -------- d-----w- c:\program files\Stardock
2010-07-16 15:01 . 2007-07-11 22:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-07-16 14:33 . 2010-07-16 14:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Identities
2010-07-16 14:31 . 2010-07-16 14:31 -------- d-----w- c:\program files\Auslogics
2010-07-16 14:16 . 2010-07-16 14:16 -------- d-----w- c:\program files\Elaborate Bytes
2010-07-16 14:14 . 2010-07-16 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-07-16 14:12 . 2010-07-16 14:12 -------- d-----w- c:\program files\SlySoft
2010-07-16 13:43 . 2010-07-16 13:43 -------- d-----w- c:\documents and settings\Mike\Application Data\Foxit Software
2010-07-16 13:42 . 2010-07-16 13:42 -------- d-----w- c:\program files\Foxit Software
2010-07-16 13:28 . 2010-07-21 04:21 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Last.fm
2010-07-16 13:28 . 2010-07-16 13:28 -------- d-----w- c:\program files\Last.fm
2010-07-16 13:23 . 2010-07-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-21 18:31 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-16 12:40 -------- d-----w- c:\program files\MediaMonkey
2010-07-16 12:25 . 2010-07-16 12:25 -------- d-----w- C:\RCT3
2010-07-16 11:53 . 2010-07-16 11:53 -------- d-----w- c:\program files\uTorrent
2010-07-16 11:53 . 2010-07-21 13:55 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Media Player Classic
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\program files\mplayerc_20100214
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Atari
2010-07-16 10:09 . 2010-07-17 03:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Leadertech
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-16 10:09 . 2002-02-28 01:50 197120 ----a-w- c:\windows\patchw32.dll
2010-07-16 10:06 . 2010-07-16 10:06 -------- d-----w- c:\program files\Atari
2010-07-16 10:00 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-16 09:55 . 2009-11-12 00:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-07-16 09:55 . 2010-07-16 09:55 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-16 09:47 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-16 09:47 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:57 . 2010-07-16 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 16:29 . 2010-07-19 10:53 -------- d-----w- c:\program files\QuickTime
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\program files\Apple Software Update
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-19 11:44 . 2010-07-19 11:44 -------- d-----w- c:\program files\Unlocker
2010-07-19 11:15 . 2010-07-19 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-19 11:00 . 2010-07-19 11:00 -------- d-----w- c:\program files\Common Files\Control Panels
2010-07-19 10:58 . 2010-07-19 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-16 15:51 . 2010-07-16 08:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 09:26 . 2010-07-16 08:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 09:09 . 2010-07-16 09:08 -------- d-----w- c:\program files\NVIDIA Corporation
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_18.21.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-21 18:47 . 2010-07-21 18:47 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-7-16 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-07-16 15:03 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2010 2:37 AM 17744]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [7/16/2010 1:31 AM 28672]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-12 00:23]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 12:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3628)
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-21 12:21:27
ComboFix-quarantined-files.txt 2010-07-21 19:21
ComboFix2.txt 2010-07-21 19:11
ComboFix3.txt 2010-07-21 18:42
ComboFix4.txt 2010-07-21 18:22

Pre-Run: 136,572,428,288 bytes free
Post-Run: 136,559,595,520 bytes free

- - End Of File - - 322C17D5CFD4FC57F8A1D38C7DC03226


******
 
And here's ComboFix4.txt:


ComboFix 10-07-20.03 - Mike 07/21/2010 12:05:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2415.1961 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 11:51 . 2010-07-21 11:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-21 07:59 . 2010-07-21 07:59 -------- d-----w- c:\program files\Xvid
2010-07-21 07:59 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-21 07:59 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-21 01:43 . 2010-07-21 01:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 01:43 . 2010-07-21 01:43 503808 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcp71.dll
2010-07-21 01:43 . 2010-07-21 01:43 499712 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\jmc.dll
2010-07-21 01:43 . 2010-07-21 01:43 348160 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72433339-n\msvcr71.dll
2010-07-21 01:43 . 2010-07-21 01:43 61440 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-sse.dll
2010-07-21 01:43 . 2010-07-21 01:43 12800 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6db6bbad-n\decora-d3d.dll
2010-07-21 01:43 . 2010-07-21 01:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 01:42 . 2010-07-21 01:42 -------- d-----w- c:\program files\Java
2010-07-19 16:33 . 2010-07-19 16:34 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2010-07-19 10:52 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-07-19 10:52 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-07-19 10:47 . 2010-07-19 10:47 -------- d-----w- c:\program files\Bonjour
2010-07-19 10:44 . 2010-07-19 10:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 10:19 . 2010-07-19 11:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 09:52 . 2010-07-19 16:14 7520 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-19 09:52 . 2010-07-19 16:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Corel
2010-07-19 09:52 . 2010-07-19 10:01 88 --sh--r- c:\documents and settings\All Users\Application Data\47A4C2FF9F.sys
2010-07-19 09:37 . 2010-07-19 15:11 -------- d-----w- c:\documents and settings\Mike\Application Data\Ulead Systems
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\program files\SmartSound Software
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-07-19 09:37 . 2010-07-19 09:37 -------- d-----w- c:\windows\system32\windows media
2010-07-19 09:37 . 2010-07-19 09:37 -------- d--h--w- c:\windows\msdownld.tmp
2010-07-19 09:36 . 2010-07-19 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-07-19 09:35 . 2010-07-19 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-07-19 09:32 . 2010-07-19 09:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-07-19 09:31 . 2010-07-19 16:11 -------- d-----w- c:\program files\Common Files\Corel
2010-07-19 09:31 . 2010-07-19 09:31 -------- d-----w- c:\program files\Windows Media Components
2010-07-19 09:30 . 2010-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-07-19 09:30 . 2010-07-19 09:30 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-07-19 09:30 . 2010-07-19 16:10 -------- d-----w- c:\program files\Corel
2010-07-19 09:29 . 2010-07-19 09:29 65440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\MSBuild
2010-07-19 09:29 . 2010-07-19 09:29 -------- d-----w- c:\program files\Reference Assemblies
2010-07-19 09:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-19 09:28 . 2010-07-19 09:28 -------- d-----w- C:\c8a28e6e4e71f87aab
2010-07-19 09:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-19 09:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-19 09:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-19 09:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-19 09:00 . 2010-07-19 09:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\NOS
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\Polynomial
2010-07-18 16:06 . 2010-07-18 16:06 -------- d-----w- c:\program files\Polynomial-free-00m_windows
2010-07-18 14:33 . 2010-07-18 14:33 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-18 12:19 . 2010-07-18 12:19 799 ----a-w- c:\windows\unins000.dat
2010-07-18 12:19 . 2010-07-18 12:19 640957 ----a-w- c:\windows\unins000.exe
2010-07-18 12:19 . 2002-04-06 04:57 237568 ----a-w- c:\windows\Matrix Code Emulator.scr
2010-07-18 12:16 . 2010-07-18 12:16 -------- d-----w- c:\program files\RainCast v2.0
2010-07-18 12:16 . 2004-10-14 02:57 186368 ----a-w- c:\windows\RainCast v2.0.scr
2010-07-18 10:25 . 2010-07-18 10:26 -------- d-----w- c:\documents and settings\Mike\Application Data\acccore
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AOL
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\AIM
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-18 10:25 . 2010-07-18 10:25 -------- d-----w- c:\program files\Common Files\AOL
2010-07-18 10:11 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-18 10:03 . 2010-07-18 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-18 10:02 . 2010-07-18 10:02 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 10:00 . 2010-07-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-18 07:29 . 2010-07-18 07:29 -------- d-----w- C:\CloneDVDTemp
2010-07-18 03:14 . 2010-07-18 03:14 -------- d-----w- c:\program files\Trend Micro
2010-07-18 03:02 . 2010-07-18 03:02 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Nero
2010-07-18 02:59 . 2010-07-19 16:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Ahead
2010-07-18 02:58 . 2010-07-18 02:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-18 02:54 . 2010-07-18 02:54 -------- d-----w- c:\program files\Nero
2010-07-18 02:54 . 2010-07-18 02:57 -------- d-----w- c:\program files\Common Files\Nero
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Innovative Solutions
2010-07-17 03:08 . 2010-07-17 03:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Auslogics
2010-07-16 20:42 . 2010-07-16 20:42 -------- d-----w- c:\program files\VS Revo Group
2010-07-16 20:33 . 2010-07-16 20:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\eSupport.com
2010-07-16 18:05 . 2010-07-16 18:05 -------- d-----w- c:\program files\Lavalys
2010-07-16 16:24 . 2010-07-16 16:24 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-07-16 16:19 . 2010-07-16 16:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-16 16:19 . 2009-12-03 20:01 2835416 -c--a-w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 16:01 . 2010-07-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 16:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 15:53 . 2010-07-19 11:05 27192 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 15:53 . 2010-07-16 15:53 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Stardock
2010-07-16 15:52 . 2010-07-16 15:52 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-16 15:01 . 2010-07-16 15:52 -------- d-----w- c:\program files\Stardock
2010-07-16 15:01 . 2007-07-11 22:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-07-16 14:33 . 2010-07-16 14:33 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Identities
2010-07-16 14:31 . 2010-07-16 14:31 -------- d-----w- c:\program files\Auslogics
2010-07-16 14:16 . 2010-07-16 14:16 -------- d-----w- c:\program files\Elaborate Bytes
2010-07-16 14:14 . 2010-07-16 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-07-16 14:12 . 2010-07-16 14:12 -------- d-----w- c:\program files\SlySoft
2010-07-16 13:43 . 2010-07-16 13:43 -------- d-----w- c:\documents and settings\Mike\Application Data\Foxit Software
2010-07-16 13:42 . 2010-07-16 13:42 -------- d-----w- c:\program files\Foxit Software
2010-07-16 13:28 . 2010-07-21 04:21 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Last.fm
2010-07-16 13:28 . 2010-07-16 13:28 -------- d-----w- c:\program files\Last.fm
2010-07-16 13:23 . 2010-07-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-21 18:31 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\MediaMonkey
2010-07-16 12:40 . 2010-07-16 12:40 -------- d-----w- c:\program files\MediaMonkey
2010-07-16 12:25 . 2010-07-16 12:25 -------- d-----w- C:\RCT3
2010-07-16 11:53 . 2010-07-16 11:53 -------- d-----w- c:\program files\uTorrent
2010-07-16 11:53 . 2010-07-21 13:55 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Media Player Classic
2010-07-16 10:46 . 2010-07-16 10:46 -------- d-----w- c:\program files\mplayerc_20100214
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Atari
2010-07-16 10:09 . 2010-07-17 03:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\documents and settings\Mike\Application Data\Leadertech
2010-07-16 10:09 . 2010-07-16 10:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-16 10:09 . 2002-02-28 01:50 197120 ----a-w- c:\windows\patchw32.dll
2010-07-16 10:06 . 2010-07-16 10:06 -------- d-----w- c:\program files\Atari
2010-07-16 10:00 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-16 09:55 . 2009-11-12 00:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-07-16 09:55 . 2010-07-16 09:55 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-16 09:47 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-16 09:47 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:57 . 2010-07-16 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 16:29 . 2010-07-19 10:53 -------- d-----w- c:\program files\QuickTime
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-19 16:29 . 2010-07-19 16:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\program files\Apple Software Update
2010-07-19 16:28 . 2010-07-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-19 11:44 . 2010-07-19 11:44 -------- d-----w- c:\program files\Unlocker
2010-07-19 11:15 . 2010-07-19 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-19 11:00 . 2010-07-19 11:00 -------- d-----w- c:\program files\Common Files\Control Panels
2010-07-19 10:58 . 2010-07-19 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-16 15:51 . 2010-07-16 08:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-16 09:47 . 2010-07-16 09:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 09:26 . 2010-07-16 08:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 09:09 . 2010-07-16 09:08 -------- d-----w- c:\program files\NVIDIA Corporation
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_18.21.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-21 18:47 . 2010-07-21 18:47 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-7-16 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-07-16 15:03 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2010 2:37 AM 17744]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [7/16/2010 1:31 AM 28672]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1454471165-725345543-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-16 08:51]

2010-07-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-12 00:23]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 12:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(184)
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-21 12:11:32
ComboFix-quarantined-files.txt 2010-07-21 19:11
ComboFix2.txt 2010-07-21 18:42
ComboFix3.txt 2010-07-21 18:22

Pre-Run: 136,577,765,376 bytes free
Post-Run: 136,565,870,592 bytes free

- - End Of File - - 2E31799F3E66F13B891DC710478E1D79
 
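Reading a log like the one above comes down to separating the dozens of legitimate autostarts from the few locations a browser-redirect rootkit actually needs. As an added example (not ComboFix's code, and not anything the thread's helper posted), the script below parses the "Reg Loading Points" and driver lines in this log format and flags the spots worth a second look: AppInit_DLLs, Winlogon Notify DLLs, Run entries or drivers whose image lives under a Temp directory, and drivers whose file ComboFix could not find (the `[?]` marker). The sample lines are excerpted from the log above, except for the "Updater" Run entry, which is constructed to exercise the Temp rule.

```python
"""Triage the autostart and driver lines of a ComboFix log.

Added example, not ComboFix's own code: it reads the 'Reg Loading Points'
and 'R1/S3 ...' driver lines in the format shown in the thread and flags the
persistence spots a redirect rootkit on Windows XP would most plausibly use.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule item note")

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]\s*$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*\S)\s*$')
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
DLL_PATH_RE = re.compile(r"[a-z]:\\.*?\.dll\s*$", re.I)
# Image paths under a Temp directory: no legitimate autostart belongs there.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)


def triage(lines):
    """Return a list of Finding for the suspicious entries in `lines`."""
    findings = []
    key = ""  # registry key the current block of values belongs to
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            key = ""  # a blank line ends the current registry block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Every DLL listed here is loaded into every process that links
            # user32.dll: a classic injection point, so always review it.
            findings.append(Finding("appinit-dll", m.group(1),
                                    "verify publisher and hash of each DLL"))
            continue
        if "winlogon\\notify" in key:
            m = DLL_PATH_RE.search(line)
            if m:
                findings.append(Finding("winlogon-notify", m.group(0).strip(),
                                        "DLL runs inside winlogon.exe at logon"))
            continue
        m = VALUE_RE.match(line)
        if m and key.endswith("\\run"):
            name, path, _meta = m.groups()
            if TEMP_RE.search(path):
                findings.append(Finding("run-from-temp", name, path))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, svc, _display, rest = m.groups()
            # Driver lines read 'path [meta]' or 'path --> resolved [meta]';
            # ComboFix writes '[?]' when the image file was not found on disk.
            image = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.split(" --> ")[0]).strip()
            if rest.rstrip().endswith("[?]"):
                findings.append(Finding("driver-file-missing", svc, image))
            if TEMP_RE.search(image):
                findings.append(Finding("driver-in-temp", svc, f"{start} {image}"))
    return findings


# Excerpted from the log above; the "Updater" Run entry is constructed so the
# Temp-folder rule for Run keys has something to fire on.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"Updater"="c:\docume~1\Mike\LOCALS~1\Temp\updater.exe" [2010-07-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-07-16 15:03 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 2:37 AM 165456]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Mike\LOCALS~1\Temp\gUSBSTOi.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.rule:<20} {f.item:<45} {f.note}")
```

Run against these lines it reports the WindowBlinds wbsrv.dll in Winlogon Notify and the wbsys.dll AppInit entry (presumably the same product, but that is what a signature and hash check is for, since these are exactly the hooks a redirector would use), the constructed Temp-folder Run entry, and the gUSBSTOi driver registered from the user's Temp folder with no file on disk. A flag is a lead, not a verdict: some anti-rootkit scanners (GMER is one) load their own temporary driver from the Temp folder, so an entry like that is matched against what was run on the machine before anything is removed.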
Thanks John! I've been using Google and haven't had the redirects pop back up. I do have another keyboard-related problem though. I didn't want to continue it on this thread, so I posted it in the corresponding forum category. Thanks again!
 