Google search redirect



GabeM
2010-01-10, 06:27
Hello,

I've been having an issue where Google search results are being redirected whenever I click on a link. I've run Spybot, CCleaner, and Ad-Aware without the problem being fixed. I have followed the instructions in "BEFORE you POST" and here are the results of my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:06 PM, on 1/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F5586D-7A35-40C5-85E7-C689A1FAB24D}: NameServer = 68.105.28.12,68.105.29.12
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c983ebca928344) (gupdate1c983ebca928344) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9287 bytes

Blade81
2010-01-14, 17:09
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download GMER (http://www.gmer.net) by clicking the "download exe" button and saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while the scan is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply (if the log is long, zip it and attach it instead of posting it inline).

GabeM
2010-01-15, 02:25
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 17:19:59.34 on Thu 01/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.311 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100109-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
I:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\gabe & jessica\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]

=============== Created Last 30 ================

2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-09 18:47:18 771688 ----a-w- c:\windows\system32\xa.tmp
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 17:22:48.72 ===============
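An added example, not part of this thread and not one of the tools the helper asked for: a small Python triage script that reads lines in the formats of the HijackThis log in the first post and the DDS "Pseudo HJT Report" above, and pulls out the entry classes an analyst checks first when chasing a search redirect (per-interface DNS servers, AppInit_DLLs, hosts-file overrides, BHOs, services with no publisher, and the Firefox proxy mode). The sample lines are constructed for the example (their shapes are copied from the two posted logs); the second NameServer line with 203.0.113.53, a documentation address, is invented to show what an unexpected resolver looks like, and the expected-resolver set is an assumption an analyst replaces with what the ISP or DHCP server actually hands out. The script flags entries for a human to verify; it does not decide what is malicious, and nothing here says any entry in the posted logs is.

```python
"""Triage a HijackThis log or a DDS "pseudo HJT" report for the entry
classes that matter when chasing a browser search redirect.
Added example for this thread: not HijackThis, DDS, or any tool the helper
asked for. It flags lines for a human to verify; it decides nothing."""
import re
from dataclasses import dataclass
from typing import List

# Assumption for the example: the resolvers this machine should be using.
# Replace with what the ISP or DHCP server actually hands out.
EXPECTED_RESOLVERS = {"68.105.28.12", "68.105.29.12"}

# Firefox network.proxy.type values worth a second look (0 = none, 5 = system).
FF_PROXY_MODES = {1: "manual proxy", 2: "PAC script URL", 4: "auto-detect (WPAD)"}


@dataclass(frozen=True)
class Finding:
    kind: str   # class of entry
    line: str   # raw log line that produced it
    why: str    # what to verify before acting on it


# Each pattern accepts the HijackThis prefix form ("O17 - ...") and the DDS
# pseudo-HJT form ("TCP: {GUID} = ...") so one pass covers either log.
_DNS = re.compile(r"^(?:O17 - .*NameServer = |TCP: \{[0-9A-Fa-f-]+\} = )(?P<servers>[\d., ]+)$")
_APPINIT = re.compile(r"^(?:O20 - )?AppInit_DLLs: (?P<dlls>.+)$")
_HOSTS = re.compile(r"^(?:O1 - )?Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
_BHO = re.compile(r"^(?:O2 - )?BHO: (?P<name>.+?)(?: - |: )\{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_SERVICE_UNKNOWN = re.compile(r"^O23 - Service: (?P<name>.+?) - Unknown owner - (?P<path>.+)$")
_FF_PROXY = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<mode>\d+)$")


def triage(log_text: str) -> List[Finding]:
    """Return the entries a redirect investigation should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _DNS.match(line):
            servers = {s.strip() for s in m["servers"].split(",") if s.strip()}
            unexpected = servers - EXPECTED_RESOLVERS
            if unexpected:  # resolvers the ISP assigned are not interesting
                findings.append(Finding("dns", line,
                    "resolver(s) outside the expected set: " + ", ".join(sorted(unexpected))
                    + "; a rogue resolver can rewrite any lookup, search engines included"))
        elif m := _APPINIT.match(line):
            findings.append(Finding("appinit", line,
                "AppInit_DLLs load into every process that loads user32.dll; "
                f"confirm the publisher and signature of {m['dlls']}"))
        elif m := _HOSTS.match(line):
            findings.append(Finding("hosts", line,
                f"hosts-file override sends {m['host']} to {m['ip']}; entries for search "
                "engines or security vendors are a classic redirect/blocking vector"))
        elif m := _BHO.match(line):
            findings.append(Finding("bho", line,
                f"BHO '{m['name']}' runs inside Internet Explorer and sees every request; "
                f"verify the signer of {m['path']}"))
        elif m := _SERVICE_UNKNOWN.match(line):
            findings.append(Finding("service", line,
                f"service '{m['name']}' carries no publisher information; check the "
                "file's signature and creation date"))
        elif m := _FF_PROXY.match(line):
            mode = FF_PROXY_MODES.get(int(m["mode"]))
            if mode:
                findings.append(Finding("ffproxy", line,
                    f"Firefox proxy mode is {mode}; a proxy or WPAD answer on the "
                    "local network can redirect every page load"))
    return findings


# Constructed sample: line shapes copied from the two logs posted in this
# thread; the second NameServer line (203.0.113.53, a documentation address)
# is invented purely to show what an unexpected resolver looks like.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F5586D-7A35-40C5-85E7-C689A1FAB24D}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53,68.105.28.12
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    -> {f.why}")
```

On a real log, fill EXPECTED_RESOLVERS from `ipconfig /all` on a known-clean machine on the same network before trusting the dns findings; the other rules list every matching entry, legitimate ones included, so each hit still needs a signature and publisher check rather than a removal.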

GabeM
2010-01-15, 02:27
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2007 6:20:23 AM
System Uptime: 1/14/2010 5:14:41 PM (0 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1903/1000mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 50.031 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 279 GiB total, 122.323 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP774: 10/11/2009 10:51:53 PM - System Checkpoint
RP775: 10/13/2009 12:02:57 AM - System Checkpoint
RP776: 10/14/2009 3:00:21 AM - Software Distribution Service 3.0
RP777: 10/15/2009 3:40:55 AM - System Checkpoint
RP778: 10/16/2009 4:10:42 AM - System Checkpoint
RP779: 10/18/2009 8:14:10 PM - System Checkpoint
RP780: 10/19/2009 8:29:50 PM - System Checkpoint
RP781: 10/20/2009 8:40:12 PM - System Checkpoint
RP782: 10/23/2009 7:12:50 AM - System Checkpoint
RP783: 10/24/2009 7:36:04 AM - System Checkpoint
RP784: 10/25/2009 7:54:02 AM - System Checkpoint
RP785: 10/26/2009 8:02:58 AM - System Checkpoint
RP786: 10/27/2009 9:02:04 AM - System Checkpoint
RP787: 10/28/2009 9:49:27 AM - System Checkpoint
RP788: 10/29/2009 10:41:15 AM - System Checkpoint
RP789: 10/30/2009 11:30:32 AM - System Checkpoint
RP790: 10/31/2009 11:43:34 AM - System Checkpoint
RP791: 11/2/2009 8:04:41 AM - System Checkpoint
RP792: 11/3/2009 8:47:25 AM - System Checkpoint
RP793: 11/4/2009 4:00:20 AM - Software Distribution Service 3.0
RP794: 11/5/2009 4:45:29 AM - System Checkpoint
RP795: 11/6/2009 5:20:59 AM - System Checkpoint
RP796: 11/7/2009 6:20:59 AM - System Checkpoint
RP797: 11/8/2009 2:10:43 PM - System Restore 110809
RP798: 11/9/2009 3:15:26 PM - System Checkpoint
RP799: 11/10/2009 3:53:08 PM - System Checkpoint
RP800: 11/10/2009 8:53:57 PM - Software Distribution Service 3.0
RP801: 11/11/2009 9:32:35 PM - System Checkpoint
RP802: 11/12/2009 10:32:26 PM - System Checkpoint
RP803: 11/13/2009 11:20:34 PM - System Checkpoint
RP804: 11/15/2009 12:20:35 AM - System Checkpoint
RP805: 11/16/2009 1:20:28 AM - System Checkpoint
RP806: 11/17/2009 2:20:46 AM - System Checkpoint
RP807: 11/18/2009 2:54:55 AM - System Checkpoint
RP808: 11/19/2009 3:42:56 AM - System Checkpoint
RP809: 11/20/2009 4:42:56 AM - System Checkpoint
RP810: 11/21/2009 5:42:56 AM - System Checkpoint
RP811: 11/22/2009 6:42:49 AM - System Checkpoint
RP812: 11/22/2009 4:17:48 PM - Installed BlackBerry Desktop Software 5.0.1.
RP813: 11/22/2009 4:20:02 PM - Removed BlackBerry Desktop Software 4.2
RP814: 11/23/2009 4:42:57 PM - System Checkpoint
RP815: 11/24/2009 8:34:51 PM - Installed Java(TM) 6 Update 17
RP816: 11/25/2009 3:00:42 AM - Software Distribution Service 3.0
RP817: 11/26/2009 3:25:21 AM - System Checkpoint
RP818: 11/27/2009 4:25:27 AM - System Checkpoint
RP819: 11/27/2009 10:37:38 AM - Removed BlackBerry® Media Sync
RP820: 11/27/2009 10:37:45 AM - Installed BlackBerry® Media Sync
RP821: 11/27/2009 10:45:43 AM - Installed Roxio Media Manager
RP822: 11/28/2009 11:30:10 AM - System Checkpoint
RP823: 11/29/2009 11:39:56 AM - System Checkpoint
RP824: 11/30/2009 12:01:44 PM - System Checkpoint
RP825: 12/1/2009 1:01:44 PM - System Checkpoint
RP826: 12/2/2009 2:01:44 PM - System Checkpoint
RP827: 12/3/2009 3:33:57 PM - System Checkpoint
RP828: 12/4/2009 4:01:44 PM - System Checkpoint
RP829: 12/5/2009 5:01:45 PM - System Checkpoint
RP830: 12/6/2009 5:12:05 PM - System Checkpoint
RP831: 12/7/2009 7:09:19 PM - System Checkpoint
RP832: 12/8/2009 8:05:56 PM - System Checkpoint
RP833: 12/9/2009 6:02:04 PM - Software Distribution Service 3.0
RP834: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP835: 12/11/2009 3:21:46 AM - System Checkpoint
RP836: 12/12/2009 3:33:37 AM - System Checkpoint
RP837: 12/13/2009 4:21:38 AM - System Checkpoint
RP838: 12/14/2009 4:45:14 AM - System Checkpoint
RP839: 12/15/2009 5:45:06 AM - System Checkpoint
RP840: 12/16/2009 5:47:07 AM - System Checkpoint
RP841: 12/17/2009 6:47:09 AM - System Checkpoint
RP842: 12/18/2009 7:18:16 AM - System Checkpoint
RP843: 12/19/2009 7:48:14 AM - System Checkpoint
RP844: 12/20/2009 8:16:28 AM - System Checkpoint
RP845: 12/21/2009 8:30:34 AM - System Checkpoint
RP846: 12/22/2009 9:30:27 AM - System Checkpoint
RP847: 12/23/2009 10:30:28 AM - System Checkpoint
RP848: 12/24/2009 11:37:37 AM - System Checkpoint
RP849: 12/25/2009 12:30:29 PM - System Checkpoint
RP850: 12/26/2009 12:44:26 PM - System Checkpoint
RP851: 12/27/2009 1:12:22 PM - System Checkpoint
RP852: 12/28/2009 2:12:22 PM - System Checkpoint
RP853: 12/29/2009 3:26:00 PM - System Checkpoint
RP854: 12/30/2009 4:12:14 PM - System Checkpoint
RP855: 12/31/2009 5:12:15 PM - System Checkpoint
RP856: 1/1/2010 7:25:37 PM - System Checkpoint
RP857: 1/2/2010 8:12:07 PM - System Checkpoint
RP858: 1/3/2010 9:12:07 PM - System Checkpoint
RP859: 1/4/2010 9:13:50 PM - System Checkpoint
RP860: 1/6/2010 7:46:01 AM - System Checkpoint
RP861: 1/7/2010 8:09:49 AM - System Checkpoint
RP862: 1/7/2010 5:19:23 PM - Installed 32 bit Windows Card Reader Driver
RP863: 1/8/2010 5:48:06 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
32 bit Windows Card Reader Driver
AAC Decoder
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
BlackBerry® Media Sync
Bonjour
Broadcom Management Programs
CCleaner (remove only)
CCScore
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Evernote
fflink
Flickr Uploadr 3.0.5
FoxyTunes for Firefox
Google Chrome
Google Desktop
Google Gears
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lala Music Mover
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
Linksys EasyLink Advisor
Linksys Updater
LP Recorder
LP Ripper
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.7)
Mozilla Sunbird (0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.0
Picasa 3
Pure Networks Platform
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
RocketDock 1.3.5
Roxio DLA
Roxio Media Manager
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
staticcr
Symantec KB-DocID:2003093015493306
SyncBack
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Wave Corrector DeClick version 1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

1/9/2010 9:06:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
1/9/2010 9:06:56 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:49:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
1/9/2010 5:49:35 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:44:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/9/2010 5:44:05 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/9/2010 5:44:05 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/9/2010 5:42:25 PM, error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

GabeM
2010-01-15, 07:20
After finishing with DDS I ran GMER (took about an hour and a half) and ran into problems once the report was generated. I was trying to save it in a notepad file when my system began to hang. I then got a BSOD saying I had to restart Windows. I rebooted my system hoping the log would still be on the clipboard, but no luck.

I started running GMER a second time and it still has not finished the scan. It's now been nearly 3 hours. I'm going to be going to bed soon and wanted to give an update. Hopefully I didn't make things worse by running it twice. I'll check on it in the morning and post the results as soon as I can.

I really appreciate the help. I don't know what I would do without it.

GabeM
2010-01-15, 07:46
I stuck it out a bit longer and it finally finished. I managed to save it this time, but when I opened up my browser my system got hung up again. I did a restart and now here is the zip.

Blade81
2010-01-15, 15:41
Hello,

IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file sharing programs on your computer.

µTorrent
LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
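
The checks a helper applies by eye to logs like the DDS and ComboFix output in this thread (P2P software in the program list, the Windows firewall switched off, a proxy or WPAD setting in the browser, the resolvers on the adapter, autoruns living under a user profile) can be scripted. The following triage script is an added example and is not a tool anyone in the thread used; the P2P name list, the severities, the set of "expected" DNS resolvers passed by the caller, and the sample log (constructed here, modeled on the entries posted above) are all assumptions, not facts taken from the logs. The hxxp defanging that ComboFix applies to URLs is left untouched.

```python
"""Triage a DDS / ComboFix-style log for the settings that usually sit behind a
search-redirect complaint.  Added example; rules and severities are assumptions."""
import re
from typing import NamedTuple


class Finding(NamedTuple):
    severity: str   # "high" | "medium" | "info"
    rule: str
    detail: str


# Assumption: product names a forum helper would treat as P2P file sharing.
P2P_RE = re.compile(
    r"\b(?:µtorrent|utorrent|limewire|bittorrent|kazaa|emule|ares|"
    r"frostwire|bearshare|vuze|shareaza)\b", re.IGNORECASE)

# Meaning of Firefox's network.proxy.type pref (about:config semantics).
FF_PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC script",
                  "4": "auto-detect via WPAD", "5": "system"}

# Line shapes copied from the DDS ("==== Section ====") and ComboFix output formats.
SECTION_RE = re.compile(r"^(?:=+|\(+)\s*(.+?)\s*(?:=+|\)+)\s*$")
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')          # "name"="path" [date size]
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
IE_PROXY_RE = re.compile(r"^uInternet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.+)$")
START_PAGE_RE = re.compile(r"^uStart Page\s*=\s*(.+)$")
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,\s]+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$")


def _user_writable(path):
    """True for autorun targets inside a user profile or a temp directory."""
    p = path.lower()
    return (("\\documents and settings\\" in p and "\\all users\\" not in p)
            or "\\users\\" in p or "\\temp\\" in p)


def triage(log_text, expected_resolvers=frozenset()):
    """Return Findings; expected_resolvers is the DNS set the analyst trusts."""
    findings, section = [], ""
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif section == "installed programs":       # DDS program list
            if P2P_RE.search(line):
                findings.append(Finding("medium", "p2p-software", line))
        elif m := AUTORUN_RE.match(line):           # Run keys, services etc.
            if _user_writable(m.group(2)):
                findings.append(Finding("medium", "autorun-user-profile",
                                        f"{m.group(1)}: {m.group(2)}"))
        elif m := FIREWALL_RE.match(line):
            if m.group(1) == "0":
                findings.append(Finding("high", "firewall-disabled", line))
        elif m := IE_PROXY_RE.match(line):          # an explicit proxy server is the red flag
            sev = "high" if m.group(1) == "ProxyServer" else "info"
            findings.append(Finding(sev, "ie-proxy", line))
        elif m := START_PAGE_RE.match(line):
            findings.append(Finding("info", "start-page", m.group(1)))
        elif m := DNS_RE.match(line):               # resolvers bound to the adapter
            ips = [ip.strip() for ip in m.group(1).split(",") if ip.strip()]
            odd = expected_resolvers and any(ip not in expected_resolvers for ip in ips)
            findings.append(Finding("medium" if odd else "info", "dns-resolvers", ", ".join(ips)))
        elif m := FF_PREF_RE.match(line):           # only non-default prefs are listed
            key, val = m.group(1), m.group(2).strip()
            if key == "network.proxy.type":
                sev = "high" if val in ("1", "2") else "medium" if val == "4" else "info"
                findings.append(Finding(sev, "ff-proxy-type",
                                        f"{key} = {val} ({FF_PROXY_TYPES.get(val, 'unknown')})"))
            else:
                findings.append(Finding("info", "ff-pref", f"{key} = {val}"))
    return findings


# Constructed sample, modeled on the DDS and ComboFix entries posted in this thread.
SAMPLE_LOG = r"""
==== Installed Programs ======================

µTorrent
LimeWire 4.16.6
Roxio Shared

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"EnableFirewall"= 0 (0x0)
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, frozenset({"68.105.28.12", "68.105.29.12"})):
        print(f"[{f.severity:6}] {f.rule:22} {f.detail}")
```

Nothing here is a verdict: a Google updater under Local Settings\Application Data and an ISP's resolvers on the adapter are normal, which is why those come out as medium or info for a human to compare against what the machine should have. The two settings that most often explain a search redirect on their own, a proxy server written into Internet Settings and a Firefox proxy type of 1 or 2, are the ones rated high.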

GabeM
2010-01-15, 18:31
ComboFix 10-01-14.07 - Gabe & Jessica 01/15/2010 9:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.432 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa.tmp

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 09:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x856D7841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf73167b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71f2ba0
PacketIndicateHandler -> NDIS.sys @ 0xf71ffb21
SendHandler -> NDIS.sys @ 0xf71dd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1120)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\stsystra.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-15 09:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 17:25

Pre-Run: 53,451,792,384 bytes free
Post-Run: 53,374,275,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 821A6FBDB2F64F94308066F04CA642C7

GabeM
2010-01-15, 18:31
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 9:26:32.45 on Fri 01/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.496 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\java.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gabe & Jessica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-01-15 17:06:34 0 d-sha-r- C:\cmdcons
2010-01-15 17:05:11 98816 ----a-w- c:\windows\sed.exe
2010-01-15 17:05:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-15 17:05:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-15 17:05:11 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 9:28:52.28 ===============

GabeM
2010-01-15, 18:33
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2007 6:20:23 AM
System Uptime: 1/15/2010 9:17:22 AM (0 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 49.72 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 279 GiB total, 122.32 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP774: 10/11/2009 10:51:53 PM - System Checkpoint
RP775: 10/13/2009 12:02:57 AM - System Checkpoint
RP776: 10/14/2009 3:00:21 AM - Software Distribution Service 3.0
RP777: 10/15/2009 3:40:55 AM - System Checkpoint
RP778: 10/16/2009 4:10:42 AM - System Checkpoint
RP779: 10/18/2009 8:14:10 PM - System Checkpoint
RP780: 10/19/2009 8:29:50 PM - System Checkpoint
RP781: 10/20/2009 8:40:12 PM - System Checkpoint
RP782: 10/23/2009 7:12:50 AM - System Checkpoint
RP783: 10/24/2009 7:36:04 AM - System Checkpoint
RP784: 10/25/2009 7:54:02 AM - System Checkpoint
RP785: 10/26/2009 8:02:58 AM - System Checkpoint
RP786: 10/27/2009 9:02:04 AM - System Checkpoint
RP787: 10/28/2009 9:49:27 AM - System Checkpoint
RP788: 10/29/2009 10:41:15 AM - System Checkpoint
RP789: 10/30/2009 11:30:32 AM - System Checkpoint
RP790: 10/31/2009 11:43:34 AM - System Checkpoint
RP791: 11/2/2009 8:04:41 AM - System Checkpoint
RP792: 11/3/2009 8:47:25 AM - System Checkpoint
RP793: 11/4/2009 4:00:20 AM - Software Distribution Service 3.0
RP794: 11/5/2009 4:45:29 AM - System Checkpoint
RP795: 11/6/2009 5:20:59 AM - System Checkpoint
RP796: 11/7/2009 6:20:59 AM - System Checkpoint
RP797: 11/8/2009 2:10:43 PM - System Restore 110809
RP798: 11/9/2009 3:15:26 PM - System Checkpoint
RP799: 11/10/2009 3:53:08 PM - System Checkpoint
RP800: 11/10/2009 8:53:57 PM - Software Distribution Service 3.0
RP801: 11/11/2009 9:32:35 PM - System Checkpoint
RP802: 11/12/2009 10:32:26 PM - System Checkpoint
RP803: 11/13/2009 11:20:34 PM - System Checkpoint
RP804: 11/15/2009 12:20:35 AM - System Checkpoint
RP805: 11/16/2009 1:20:28 AM - System Checkpoint
RP806: 11/17/2009 2:20:46 AM - System Checkpoint
RP807: 11/18/2009 2:54:55 AM - System Checkpoint
RP808: 11/19/2009 3:42:56 AM - System Checkpoint
RP809: 11/20/2009 4:42:56 AM - System Checkpoint
RP810: 11/21/2009 5:42:56 AM - System Checkpoint
RP811: 11/22/2009 6:42:49 AM - System Checkpoint
RP812: 11/22/2009 4:17:48 PM - Installed BlackBerry Desktop Software 5.0.1.
RP813: 11/22/2009 4:20:02 PM - Removed BlackBerry Desktop Software 4.2
RP814: 11/23/2009 4:42:57 PM - System Checkpoint
RP815: 11/24/2009 8:34:51 PM - Installed Java(TM) 6 Update 17
RP816: 11/25/2009 3:00:42 AM - Software Distribution Service 3.0
RP817: 11/26/2009 3:25:21 AM - System Checkpoint
RP818: 11/27/2009 4:25:27 AM - System Checkpoint
RP819: 11/27/2009 10:37:38 AM - Removed BlackBerry® Media Sync
RP820: 11/27/2009 10:37:45 AM - Installed BlackBerry® Media Sync
RP821: 11/27/2009 10:45:43 AM - Installed Roxio Media Manager
RP822: 11/28/2009 11:30:10 AM - System Checkpoint
RP823: 11/29/2009 11:39:56 AM - System Checkpoint
RP824: 11/30/2009 12:01:44 PM - System Checkpoint
RP825: 12/1/2009 1:01:44 PM - System Checkpoint
RP826: 12/2/2009 2:01:44 PM - System Checkpoint
RP827: 12/3/2009 3:33:57 PM - System Checkpoint
RP828: 12/4/2009 4:01:44 PM - System Checkpoint
RP829: 12/5/2009 5:01:45 PM - System Checkpoint
RP830: 12/6/2009 5:12:05 PM - System Checkpoint
RP831: 12/7/2009 7:09:19 PM - System Checkpoint
RP832: 12/8/2009 8:05:56 PM - System Checkpoint
RP833: 12/9/2009 6:02:04 PM - Software Distribution Service 3.0
RP834: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP835: 12/11/2009 3:21:46 AM - System Checkpoint
RP836: 12/12/2009 3:33:37 AM - System Checkpoint
RP837: 12/13/2009 4:21:38 AM - System Checkpoint
RP838: 12/14/2009 4:45:14 AM - System Checkpoint
RP839: 12/15/2009 5:45:06 AM - System Checkpoint
RP840: 12/16/2009 5:47:07 AM - System Checkpoint
RP841: 12/17/2009 6:47:09 AM - System Checkpoint
RP842: 12/18/2009 7:18:16 AM - System Checkpoint
RP843: 12/19/2009 7:48:14 AM - System Checkpoint
RP844: 12/20/2009 8:16:28 AM - System Checkpoint
RP845: 12/21/2009 8:30:34 AM - System Checkpoint
RP846: 12/22/2009 9:30:27 AM - System Checkpoint
RP847: 12/23/2009 10:30:28 AM - System Checkpoint
RP848: 12/24/2009 11:37:37 AM - System Checkpoint
RP849: 12/25/2009 12:30:29 PM - System Checkpoint
RP850: 12/26/2009 12:44:26 PM - System Checkpoint
RP851: 12/27/2009 1:12:22 PM - System Checkpoint
RP852: 12/28/2009 2:12:22 PM - System Checkpoint
RP853: 12/29/2009 3:26:00 PM - System Checkpoint
RP854: 12/30/2009 4:12:14 PM - System Checkpoint
RP855: 12/31/2009 5:12:15 PM - System Checkpoint
RP856: 1/1/2010 7:25:37 PM - System Checkpoint
RP857: 1/2/2010 8:12:07 PM - System Checkpoint
RP858: 1/3/2010 9:12:07 PM - System Checkpoint
RP859: 1/4/2010 9:13:50 PM - System Checkpoint
RP860: 1/6/2010 7:46:01 AM - System Checkpoint
RP861: 1/7/2010 8:09:49 AM - System Checkpoint
RP862: 1/7/2010 5:19:23 PM - Installed 32 bit Windows Card Reader Driver
RP863: 1/8/2010 5:48:06 PM - System Checkpoint
RP864: 1/15/2010 8:38:09 AM - Software Distribution Service 3.0
RP865: 1/15/2010 8:42:26 AM - Software Distribution Service 3.0

==== Installed Programs ======================

32 bit Windows Card Reader Driver
AAC Decoder
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
BlackBerry® Media Sync
Bonjour
Broadcom Management Programs
CCleaner (remove only)
CCScore
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Evernote
fflink
Flickr Uploadr 3.0.5
FoxyTunes for Firefox
Google Chrome
Google Desktop
Google Gears
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lala Music Mover
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor
Linksys Updater
LP Recorder
LP Ripper
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.7)
Mozilla Sunbird (0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.0
Picasa 3
Pure Networks Platform
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
RocketDock 1.3.5
Roxio DLA
Roxio Media Manager
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
staticcr
Symantec KB-DocID:2003093015493306
SyncBack
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Wave Corrector DeClick version 1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

1/9/2010 9:06:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
1/9/2010 9:06:56 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:49:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
1/9/2010 5:49:35 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:44:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/9/2010 5:44:05 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/9/2010 5:44:05 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/9/2010 5:42:25 PM, error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
1/15/2010 9:08:36 AM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
1/14/2010 7:25:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
1/14/2010 7:24:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Mail Scanner service.

==== End Of File ===========================

Blade81
2010-01-15, 18:59
Hi again,


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
atapi.sys


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

--------
Then I need you to do one other thing. Print these instructions so you have access to them while in the Recovery Console.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd system32\drivers

6. At the next prompt, type the following bolded text, and press Enter:

copy /y atapi.sys atapi.sys.bad

You should see the message "1 file(s) copied."
7. If that went fine, at the next prompt, type the following bolded text, and press Enter:

exit

Let Windows reboot back to normal mode and then upload c:\windows\system32\drivers\atapi.sys.bad file to http://www.virustotal.com. Post back the results.

GabeM
2010-01-15, 19:03
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:01 on 15/01/2010 by Gabe & Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95360 bytes [10:13 11/07/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [17:21 15/01/2010] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys --a--- 96512 bytes [11:04 19/12/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [05:29 24/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

GabeM
2010-01-15, 19:10
I am at the part where I enter: copy /y atapi.sys atapi.sys.bad

I receive this message when doing so: The parameter is not valid. Try ? for help.

Blade81
2010-01-15, 19:14
Hi

Try to take /y part off the command.

GabeM
2010-01-15, 19:20
Hello

Removing that piece worked like a charm, here are the results:

MD5: cdfe4411a69c224bd1d11b2da92dac51
First received: 2008.03.02 11:23:58 UTC
Date: 2010.01.15 18:10:27 UTC [<1D]
Results: 0/41
Permalink: analisis/0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d-1263579027

Blade81
2010-01-15, 19:34
Hi,

Before we take other steps could you check if search results are still redirected, please?

GabeM
2010-01-16, 01:00
Hello,

Yes, they are still being redirected. However, I noticed that fewer links are being redirected. The first few I tried gave me the actual site, but after that the redirects started.

Also, Avast notified me that it found "Win32:Alureon-EU" in "C:\WINDOWS\system32\drivers\nvata.sys" after ComboFix had been run and restarted my system. I selected "no action" when the prompt appeared. Thought you might like to know about that.

Blade81
2010-01-16, 11:55
Ok. Please run SystemLook again with these contents:

:filefind
nvata.sys

GabeM
2010-01-16, 17:05
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:02 on 16/01/2010 by Gabe & Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "nvata.sys"
C:\drivers\storage\R149470\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\i386\nvata.sys --a--- 105472 bytes [10:13 11/07/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\WINDOWS\system32\drivers\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [17:54 15/01/2010] EF9941593B2E9B436F64A87DDB570D1A

-=End Of File=-

Blade81
2010-01-16, 17:11
Hi,

Please start the system in the Recovery Console and run the following command there:

copy C:\WINDOWS\system32\drivers\nvata.sys C:\WINDOWS\system32\drivers\nvata.sys.bad

Reboot back into normal mode and upload C:\WINDOWS\system32\drivers\nvata.sys.bad file to VirusTotal (http://www.virustotal.com).

GabeM
2010-01-16, 17:21
File nvata.sys.bad received on 2010.01.16 16:18:25 (UTC)
Current status: finished
Result: 22/41 (53.66%)
Compact
Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 Rootkit.Win32.TDSS!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 Win32:Alureon-EU
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.16 -
Comodo 3604 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 BackDoor.Tdss.1866
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.16 Rootkit:W32/TDSS.gen!D
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 Win32:Alureon-EU
Ikarus T3.1.1.80.0 2010.01.16 Rootkit.Win32.TDSS
Jiangmin 13.0.900 2010.01.16 Rootkit.TDSS.cza
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 Rootkit.Win32.TDSS.y
McAfee 5862 2010.01.15 Patched-SYSFile.a
McAfee+Artemis 5862 2010.01.15 Patched-SYSFile.a
McAfee-GW-Edition 6.8.5 2010.01.16 Heuristic.LooksLike.Trojan.Patched.H
Microsoft 1.5302 2010.01.16 Virus:Win32/Alureon.F
NOD32 4777 2010.01.16 Win32/Olmarik.SJ
Norman 6.04.03 2010.01.16 W32/tdss.drv.gen6
nProtect 2009.1.8.0 2010.01.16 Trojan/W32.Rootkit.105472.E
Panda 10.0.2.2 2010.01.16 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 Medium Risk Malware
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 Mal/TDSS-G
Sunbelt 3.2.1858.2 2010.01.16 Rootkit.Win32.TDSS.y (v)
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 Cryp_TIDIES-12
VBA32 3.12.12.1 2010.01.15 Rootkit.Win32.TDSL
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 Rootkit.Alureon.Gen!Pac.7
Additional information
File size: 105472 bytes
MD5...: 7322b3dcdfa56be7ed8cddf4166dad81
SHA1..: a3bccc8f5c2137a669f99306d1777709c6e7aa42
SHA256: 929580f8265607a82808d7c1d20739dbf58394c818ddbff2289b0c0d00965a91
ssdeep: 3072:SqlyIVXX9/IwkLw9EegML593uvaRmGrz5XCRRL4TgrK0mDn:1lyIVXX9/zQtML593uvaRmOzERN4cO
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17ea4
timedatestamp.....: 0x4536c767 (Thu Oct 19 00:31:35 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x166a4 0x16700 6.53 7609cea76aff4e1323b77552a74e8f55
.rdata 0x16a00 0x2d0 0x300 4.73 ad702daf36d333c9881c6b0529bc4c8c
.data 0x16d00 0xe4 0x100 1.39 03777d4a5d848a87e39eed778ab5ab31
PAGE 0x16e00 0x1b5 0x200 5.15 c42a76ad3d96bae2ea83574fe9f0ac73
INIT 0x17000 0xe6c 0xe80 5.51 962f171801bd386e2b615cc852aca21f
.rsrc 0x17e80 0x11a0 0x1200 6.99 afc1d03abf1f54deedcad84872016e6a
.reloc 0x19080 0xb5c 0xb80 6.11 9259932cc8e6201250797f742cb5d3fa

( 3 imports )
> ntoskrnl.exe: IoAcquireRemoveLockEx, PoCallDriver, PoStartNextPowerIrp, ObfReferenceObject, RtlCopyUnicodeString, READ_REGISTER_USHORT, READ_REGISTER_UCHAR, WRITE_REGISTER_UCHAR, WRITE_REGISTER_USHORT, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, KeInsertQueueDpc, KeSynchronizeExecution, MmUnmapIoSpace, MmMapIoSpace, IoFreeMdl, IoGetDeviceProperty, ZwClose, ZwQueryValueKey, ZwOpenKey, RtlInitUnicodeString, strncmp, IoBuildDeviceIoControlRequest, KeDelayExecutionThread, ZwSetValueKey, ZwCreateKey, IoOpenDeviceRegistryKey, ExAllocatePoolWithTagPriority, IoWMIRegistrationControl, IoDisconnectInterrupt, PoSetPowerState, IoReleaseRemoveLockAndWaitEx, KeBugCheckEx, KeSetEvent, sprintf, IoConnectInterrupt, IoGetDmaAdapter, KeInitializeDpc, IoIsWdmVersionAvailable, IoQueueWorkItem, IoAllocateWorkItem, ExInterlockedPopEntrySList, RtlFreeAnsiString, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoReleaseRemoveLockEx, IoAllocateIrp, MmUnlockPages, IoFreeWorkItem, IoReleaseCancelSpinLock, MmProbeAndLockPages, IoAllocateMdl, MmMapLockedPagesSpecifyCache, IoInvalidateDeviceRelations, ExInitializeNPagedLookasideList, IoInitializeTimer, RtlFindMostSignificantBit, RtlFindLeastSignificantBit, ExDeleteNPagedLookasideList, IoStopTimer, IoInvalidateDeviceState, wcscpy, PoRegisterDeviceForIdleDetection, IoStartTimer, MmBuildMdlForNonPagedPool, Mm64BitPhysicalAddress, IoAcquireCancelSpinLock, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeInitializeDeviceQueue, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlClearAllBits, RtlInitializeBitMap, RtlFindClearBitsAndSet, RtlClearBits, PsTerminateSystemThread, KeClearEvent, ObReferenceObjectByHandle, PsCreateSystemThread, KeSetTimer, KeQuerySystemTime, KeCancelTimer, KeInitializeTimer, _except_handler3, PoRequestPowerIrp, IofCompleteRequest, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlIntegerToUnicodeString, 
RtlAppendUnicodeStringToString, IoCreateDevice, IoAttachDeviceToDeviceStack, IoDeleteDevice, IoInitializeRemoveLockEx, IoGetConfigurationInformation, IoCreateSymbolicLink, KeInitializeEvent, IoGetAttachedDeviceReference, IoBuildSynchronousFsdRequest, IofCallDriver, KeWaitForSingleObject, ObfDereferenceObject, IoDeleteSymbolicLink, IoDetachDevice, KeInitializeSpinLock, ExFreePoolWithTag, IoFreeIrp, ExInterlockedPushEntrySList
> HAL.dll: KeStallExecutionProcessor, ExAcquireFastMutex, KeQueryPerformanceCounter, KeGetCurrentIrql, KeFlushWriteBuffer, KeRaiseIrqlToDpcLevel, KfAcquireSpinLock, KfReleaseSpinLock, KfRaiseIrql, KfLowerIrql, ExReleaseFastMutex, READ_PORT_ULONG, WRITE_PORT_ULONG, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_BUFFER_UCHAR, READ_PORT_BUFFER_USHORT, READ_PORT_BUFFER_UCHAR, WRITE_PORT_UCHAR, READ_PORT_UCHAR, READ_PORT_USHORT
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=461CCA490079A2019C05011464174000F85265CF
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Blade81
2010-01-16, 17:31
Good.

Click Start -> Run, type cmd.exe and press Enter. Type this command in the command prompt window ("1 file(s) copied." should be the message you get as output):

copy C:\drivers\storage\R149470\nvata.sys C:\WINDOWS\system32\drivers\nvata.sys.bak


When done, please start the system in the Recovery Console and run the following command there:

copy C:\WINDOWS\system32\drivers\nvata.sys.bak C:\WINDOWS\system32\drivers\nvata.sys

Reboot back into normal mode and run ComboFix. Post back its report.

GabeM
2010-01-16, 17:40
Message in Recovery Console:

Overwrite nvata.sys? (Yes/No/All):

Blade81
2010-01-16, 17:46
Yes, overwrite it (sorry, forgot to mention that).

GabeM
2010-01-16, 17:52
Ok, I just keep getting all kinds of fun stuff popping up this morning.

ComboFix is letting me know an update is available. I didn't want to mess up any of the work already done. Should I update or continue using the version I've been using?

Blade81
2010-01-16, 17:54
Update to the latest one available.

GabeM
2010-01-16, 18:00
I updated per your instructions, but when the program began running it said my Avast was still running. I had disabled it prior to starting ComboFix and installing the update.

I double checked to make sure and it was still disabled. I had no choice but to click 'OK' and then the program continued running, but with a message saying it would be at my own risk since Avast was still active.

Shall I post the results anyways or should I try running it again after this scan is done?

GabeM
2010-01-16, 18:06
Here it is anyway. Figured it wouldn't hurt to post even if I had to rerun it.

ComboFix 10-01-15.05 - Gabe & Jessica 01/16/2010 8:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.450 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 09:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-16 09:04:30
ComboFix-quarantined-files.txt 2010-01-16 17:04
ComboFix2.txt 2010-01-15 17:25

Pre-Run: 53,594,832,896 bytes free
Post-Run: 53,561,413,632 bytes free

- - End Of File - - 9727569246E62056FA6666973B936535

Blade81
2010-01-16, 18:34
Good. Time to continue forward :)

Open notepad and copy/paste the text in the quotebox below into it:



Collect::
c:\windows\system32\drivers\nvata.sys.bad



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Have your internet connection enabled.
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Any issues left?

GabeM
2010-01-16, 23:00
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 16, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 16, 2010 18:37:11
Records in database: 3320251
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 92036
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:40:09


File name / Threat / Threats count
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir Infected: Trojan.Win32.Vilsel.qte 1
C:\WINDOWS\system32\drivers\nvata.sys.bad Infected: Rootkit.Win32.TDSS.y 1
I:\Downloads\Firefox\UltraVNC_105_Setup_W32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1

Selected area has been scanned.

GabeM
2010-01-16, 23:01
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 13:56:37.73 on Sat 01/16/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.607 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gabe & Jessica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\gabe & jessica\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-01-16 18:00:55 0 d-----w- c:\windows\system32\Adobe
2010-01-16 18:00:37 0 d-----w- c:\docume~1\gabe&j~1\applic~1\SumatraPDF
2010-01-16 18:00:35 0 d-----w- c:\program files\SumatraPDF
2010-01-16 17:40:43 0 d-----w- C:\ComboFix
2010-01-16 16:33:36 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bak
2010-01-16 16:33:36 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 17:06:34 0 d-sha-r- C:\cmdcons
2010-01-15 17:05:11 98816 ----a-w- c:\windows\sed.exe
2010-01-15 17:05:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-15 17:05:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-15 17:05:11 161792 ----a-w- c:\windows\SWREG.exe
2010-01-15 01:18:25 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-15 17:54:48 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 13:59:06.56 ===============
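
The helpers in this thread read DDS logs like the one above by eye, looking at where each autostart runs from, which drivers load at boot, and which DNS servers the adapter is using (the redirect in this thread was traced to a patched nvata.sys, which Kaspersky reported as Rootkit.Win32.TDSS.y). As an added example, not code from this thread or from the DDS or ComboFix authors, the Python script below parses the uRun/mRun entries, the SERVICES / DRIVERS lines and the TCP: DNS line of a DDS log and raises the first-pass triage flags: an autostart that runs from a user profile, a bare filename resolved through PATH, an 8.3 short path, and a boot- or system-start driver whose hash should be compared with a vendor copy. The flag heuristics are my own assumptions, a flag is a prompt to check rather than a verdict, and SAMPLE_LOG is a constructed sample made of lines copied from the DDS log above; the DNS servers are returned so they can be compared with the ISP's published resolvers.

```python
"""Triage helper for DDS-style autostart logs (example code for this thread).

Parses the Pseudo HJT 'uRun:'/'mRun:' entries, the SERVICES / DRIVERS lines
and the 'TCP:' DNS-server line, and raises the first-pass flags a removal
helper looks at. The heuristics are assumptions, not DDS or ComboFix logic.
"""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r'^(?P<scope>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<disp>[^;]*);'
                    r'(?P<path>.+?)\s+\[(?P<date>.+?)\s+(?P<size>\d+)\]$')
DNS_RE = re.compile(r'^TCP:\s+\{[0-9A-Fa-f-]+\}\s+=\s+(?P<servers>[\d.,]+)$')

# Heuristic patterns (assumptions): where a machine-wide autostart rarely lives.
USER_PROFILE = re.compile(r'\\(documents and settings|users|docume~1)\\', re.I)
SHORT_NAME = re.compile(r'~\d')
DRIVER_DIR = re.compile(r'\\system32\\drivers\\', re.I)

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
""".strip().splitlines()


@dataclass
class Finding:
    kind: str      # 'run-u' (per-user Run key), 'run-m' (machine Run key) or 'service'
    name: str
    path: str
    flags: list = field(default_factory=list)


def _exe_path(cmd):
    """Pull the executable (or the DLL handed to rundll32) out of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'rundll32(?:\.exe)?\s+([^,]+)', cmd, re.I)
    if m:
        return m.group(1).strip()
    return cmd.split(' ')[0]


def triage(lines):
    """Return (findings, dns_servers) for an iterable of DDS log lines."""
    findings, dns = [], []
    for line in lines:
        line = line.rstrip()
        if m := RUN_RE.match(line):
            path = _exe_path(m['cmd'])
            f = Finding('run-' + m['scope'], m['name'], path)
            if USER_PROFILE.search(path):
                f.flags.append('autostart from user profile')
            if SHORT_NAME.search(path):
                f.flags.append('8.3 short path: confirm what it resolves to')
            if '\\' not in path:
                f.flags.append('bare filename: resolved via PATH, confirm which copy runs')
            findings.append(f)
        elif m := SVC_RE.match(line):
            f = Finding('service', m['name'], m['path'])
            if m['start'] in ('R0', 'R1') and DRIVER_DIR.search(m['path']):
                f.flags.append('boot/system-start driver: compare hash with vendor copy')
            findings.append(f)
        elif m := DNS_RE.match(line):
            dns = m['servers'].split(',')
    return findings, dns


def flagged(findings):
    """Only the entries that earned at least one flag."""
    return [f for f in findings if f.flags]


if __name__ == '__main__':
    found, servers = triage(SAMPLE_LOG)
    print('DNS servers to verify against the ISP:', ', '.join(servers))
    for f in flagged(found):
        print(f'{f.kind:8} {f.name:20} {f.path}')
        for flag in f.flags:
            print(f'{"":8} -> {flag}')
```

On the sample, the per-user Google Update entry, the two bare filenames, the avast! short path and the R0 Lbd driver are flagged; every one of them is legitimate on this machine, which is the point: the script narrows the list to what must be checked, and the check (hash against a vendor copy, resolve the short path, confirm which copy on PATH runs) is still done by the helper.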

GabeM
2010-01-16, 23:02
ComboFix 10-01-16.01 - Gabe & Jessica 01/16/2010 9:41.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.433 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-16 09:47:13
ComboFix-quarantined-files.txt 2010-01-16 17:47
ComboFix2.txt 2010-01-16 17:04
ComboFix3.txt 2010-01-15 17:25

Pre-Run: 53,564,198,912 bytes free
Post-Run: 53,550,936,064 bytes free

- - End Of File - - B65463484CA65CE622E0F4DA131D9BC0

GabeM
2010-01-16, 23:06
Hello,

All search results seem to be working properly now. I did 3 or 4 queries and clicked multiple links for each one, and they all went to the correct destination.

Blade81
2010-01-17, 12:44
Hi,

It seems you didn't run ComboFix with the cfscript.txt as instructed. Please run again with that script.

GabeM
2010-01-17, 17:57
ComboFix 10-01-16.04 - Gabe & Jessica 01/17/2010 8:49.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.501 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\SumatraPDF
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\program files\SumatraPDF
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 22:07 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-16 17:55 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_804.dat
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
+ 2010-01-16 18:01 . 2010-01-16 18:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-30 01:48 . 2009-06-12 03:47 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 18:00 . 2010-01-16 18:00 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 307200 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000002\UsrClass.dat
+ 2010-01-17 16:45 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-17-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 10072064 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000001\NTUSER.DAT
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 08:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 08:56:35
ComboFix-quarantined-files.txt 2010-01-17 16:56
ComboFix2.txt 2010-01-16 17:47
ComboFix3.txt 2010-01-16 17:04
ComboFix4.txt 2010-01-15 17:25

Pre-Run: 53,726,277,632 bytes free
Post-Run: 53,786,816,512 bytes free

- - End Of File - - 705639F476814792352F29D07A9F34EB

Blade81
2010-01-17, 18:04
Hi,

Did you create the script file and drag'n'drop it onto ComboFix as instructed? The output indicates that ComboFix was run normally by just double-clicking the icon.

Here is how I wanted it to be done:


Open notepad and copy/paste the text in the quotebox below into it:



Collect::
c:\windows\system32\drivers\nvata.sys.bad



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Have your internet connection enabled.
Then post the resultant log.

If you did it that way, then please move ComboFix.exe to c:\ and try to drag'n'drop the script file again.

GabeM
2010-01-17, 18:20
Hi,

Both previous logs were run from the desktop; here is the one after moving ComboFix to C:

ComboFix 10-01-16.04 - Gabe & Jessica 01/17/2010 9:07.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.549 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\SumatraPDF
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\program files\SumatraPDF
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 17:02 . 2010-01-17 16:47 3827754 ----a-r- C:\ComboFix.exe
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 22:07 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-16 17:55 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_804.dat
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
+ 2010-01-16 18:01 . 2010-01-16 18:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-30 01:48 . 2009-06-12 03:47 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 18:00 . 2010-01-16 18:00 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 307200 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000002\UsrClass.dat
+ 2010-01-17 16:45 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-17-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 10072064 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000001\NTUSER.DAT
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 09:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 09:13:23
ComboFix-quarantined-files.txt 2010-01-17 17:13
ComboFix2.txt 2010-01-17 16:56
ComboFix3.txt 2010-01-16 17:47
ComboFix4.txt 2010-01-16 17:04
ComboFix5.txt 2010-01-17 17:06

Pre-Run: 53,795,762,176 bytes free
Post-Run: 53,782,544,384 bytes free

- - End Of File - - A91383069285F0F3CCFE061419F77E50

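As an added example (not ComboFix's own code and not anything posted in this thread), a small Python triage helper that parses file lines in the layout ComboFix uses above (CREATED . MODIFIED SIZE ATTRS PATH) and pairs a driver set aside as .bad with its replacement. The sample lines are copied from the log above, and the scan date is the one from the log's Completion time; the window length is an assumption.

```python
import re
from datetime import datetime

# ComboFix lists each file as:  CREATED . MODIFIED SIZE ATTRS PATH
# Directory entries carry "--------" where the size would be.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Constructed sample: five lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 17:02 . 2010-01-17 16:47 3827754 ----a-r- C:\ComboFix.exe
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
"""


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def parse_entries(log_text):
    """Return one dict per file/directory line; lines that do not match are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "created": _ts(m["created"]),
            "modified": _ts(m["modified"]),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def triage_drivers(entries, scan_date, window_days=7):
    """Flag entries under a drivers directory that deserve a second look.

    scan_date is the date from the log's "Completion time" line, as YYYY-MM-DD.
    Two triage rules, neither of which is a verdict on its own:
      * a driver renamed to .bad was set aside by the cleanup tool; it is paired
        with its replacement so the reviewer can compare the two sizes;
      * a driver created within window_days of the scan is recent, which also
        matches a legitimate install (Lbd.sys here belongs to the Ad-Aware setup
        recorded in the same log).
    """
    scan = datetime.strptime(scan_date, "%Y-%m-%d")
    by_path = {e["path"].lower(): e for e in entries}
    findings = []
    for e in entries:
        p = e["path"].lower()
        if "\\drivers\\" not in p:
            continue
        if p.endswith(".bad"):
            note = "renamed by the cleanup tool"
            original = by_path.get(p[:-len(".bad")])
            if original is not None:
                note += (f"; replacement {original['path']} present, "
                         f"{original['size']} bytes vs {e['size']} bytes")
            findings.append((e["path"], note))
        elif (scan - e["created"]).days <= window_days:
            findings.append((e["path"], f"created within {window_days} days of the scan"))
    return findings


if __name__ == "__main__":
    for path, note in triage_drivers(parse_entries(SAMPLE_LOG), "2010-01-17"):
        print(f"{path}: {note}")
```
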
GabeM
2010-01-17, 18:22
Sorry I didn't mention it above; yes, I created and used the drag'n'drop file as you instructed.

Blade81
2010-01-17, 18:26
Hi,

Let's carry out the task in another way.

Please upload this file:

c:\windows\system32\drivers\nvata.sys.bad

to this website: http://www.bleepingcomputer.com/submit-malware.php?channel=4

In the "Link to topic where this file was requested:" field, insert this: http://forums.spybot.info/showthread.php?t=54691&page=3

Let me know when that's done and we'll see the next steps after that.

GabeM
2010-01-17, 18:29
Hi,

The file has been successfully submitted.

Blade81
2010-01-17, 18:33
Thank you :)

The C:\WINDOWS\system32\drivers\nvata.sys.bad file can be deleted now.


Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



Now let's uninstall ComboFix:

Click START, then RUN.
Now copy-paste Combofix /uninstall into the Run box and click OK.



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update site frequently - it is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

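The six Internet Explorer settings in Blade81's post above correspond to per-zone DWORD values under the current user's Internet zone (zone 3) registry key. As an added example that is not part of this thread, the following PowerShell script audits those six values and reports which ones still differ from the recommended setting; with -Fix it writes the recommended values. The URL-action ids (1001, 1004, 1201, 1607, 1800, 1804), the zone key path and the 0/1/3 encoding (Enable/Prompt/Disable) are Microsoft's documented values; the function names are assumptions of this example. It is written for PowerShell 2.0 so it also runs on the Windows XP system discussed in the thread.

```powershell
# Added example, not from the thread: audit (and optionally apply) the six
# Internet-zone settings recommended in Blade81's post.
# Zone 3 is the "Internet" zone; each setting is a DWORD named by its URL-action id
# under the current user's zone key. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by URL-action id.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Value = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Value = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                            Value = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                Value = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';             Value = 1 }
)

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Translates a raw registry value into the label shown in the IE dialog.
function Get-ZoneLabel([object]$Value) {
    if ($null -eq $Value) { return 'not set (zone default)' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown ($Value)"
}

# Compares each recommended setting with what is in the registry.
# Emits one object per setting; with -Fix, writes the recommended value
# wherever the current one differs or is absent.
function Test-InternetZoneSettings {
    param([switch]$Fix)

    if (-not (Test-Path $ZonePath)) {
        throw "Zone key not found: $ZonePath"
    }

    foreach ($setting in $Recommended) {
        $current = (Get-ItemProperty -Path $ZonePath -Name $setting.Id -ErrorAction SilentlyContinue).($setting.Id)
        $ok = ($null -ne $current) -and ([int]$current -eq $setting.Value)

        if ((-not $ok) -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $setting.Id -Value $setting.Value -Type DWord
            $current = $setting.Value
            $ok = $true
        }

        # New-Object PSObject keeps this PowerShell 2.0 compatible (no [pscustomobject]).
        New-Object PSObject -Property @{
            Id          = $setting.Id
            Setting     = $setting.Name
            Current     = Get-ZoneLabel $current
            Recommended = $Labels[$setting.Value]
            Compliant   = $ok
        }
    }
}

# Usage: report only.
Test-InternetZoneSettings | Format-Table Id, Setting, Current, Recommended, Compliant -AutoSize

# Usage: apply the recommended values, then re-check.
# Test-InternetZoneSettings -Fix | Format-Table Id, Setting, Current, Recommended, Compliant -AutoSize
```

Run the report form first to see which of the six settings the GUI steps actually changed; a value that shows as "not set (zone default)" means the dialog has never written that entry for the user, so the zone's built-in default applies. Only the -Fix form writes to the registry, and it changes nothing that is already compliant.
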
GabeM
2010-01-17, 20:55
Hello,

I have completed updating Windows and Internet Explorer. The problem appears to be fixed. I will post another update in a few days to let you know if I've run into any problems.

Is it ok to uninstall the diagnostic programs used during this process?

Thank you so much for your help. I don't know what I would have done without it. A donation will definitely be following this post :thanks:

Blade81
2010-01-17, 21:57
You're welcome :)


Is it ok to uninstall the diagnostic programs used during this process?
Yes, it's ok. Some of those (like ComboFix) should already be uninstalled.

GabeM
2010-01-23, 20:34
Everything seems to be in working order still. Thanks for all the help :)

Blade81
2010-01-23, 21:31
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.