Unruy infection, flash popups



krisbfunk
2010-04-09, 00:11
Here is my HijackThis log. Please note that I stupidly ran ComboFix before reading the instructions on this forum, in hopes of a quick fix. I have the log to post if necessary.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:17 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061122
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061122
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.220.231.2:3127
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [rwvhxpsgjnuim] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\nafltixnhyajfkv.dll"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5283742E-A26D-4B6C-81A1-3111705D4C95} (LuraDocument.jpm ActiveX) - http://www.luratech.com/download/bin/jpmx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180155401193
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photogize.com/bponet/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b983e7870ed1) (gupdate1c9b983e7870ed1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe (file missing)


--
End of file - 14213 bytes

Blade81
2010-04-12, 18:27
Hi,

Please post that ComboFix log contents you have there.

Do this too:

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

krisbfunk
2010-04-13, 00:25
First, here is my original ComboFix log; I will run DDS next and post the results.

ComboFix 10-04-06.05 - kris 04/07/2010 22:47:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2493 [GMT -3:00]
Running from: c:\documents and settings\kris\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\program files\Adobe\acrotray .exe
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\_VOIDqouftkbcjp
c:\windows\jestertb.dll
c:\windows\system32\73462098.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\ctfmon .exe
c:\windows\system32\Data
c:\windows\system32\ffaabbbef0_z.dll
c:\windows\system32\hphmon05 .exe
c:\windows\system32\images
c:\windows\system32\mcrh.tmp
c:\windows\system32\regsvr32 .exe
c:\windows\system32\xbeeg.tmp2
c:\windows\winhelp.ini

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cj+|Cv+@J:NGD_DQ{zcxLJS@QIKHr@VJava Update
.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-06 20:47 . 2010-04-06 20:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-06 20:45 . 2010-04-06 20:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-06 20:12 . 2010-04-06 20:12 96704 ----a-w- c:\windows\system32\ffcdea6e.exe
2010-04-06 20:11 . 2010-04-06 20:11 48287 ----a-w- c:\windows\system32\ypgeoxkwxiuawrp.exe
2010-04-06 19:56 . 2010-04-06 19:56 14390 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-04-06 19:55 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-04-06 19:55 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-04-06 19:34 . 2008-07-10 13:38 28672 ----a-w- c:\windows\Getdisk.exe
2010-04-06 19:34 . 2010-04-06 19:34 -------- d-----w- c:\windows\Recover Data for FAT & NTFS
2010-04-06 19:34 . 2010-04-06 19:34 -------- d-----w- c:\program files\Recover Data for FAT & NTFS
2010-04-06 19:28 . 2010-04-06 19:28 -------- d-----w- c:\program files\USB Flash Drive Data Recovery Software
2010-04-06 18:58 . 2010-04-06 18:58 -------- d-----w- c:\program files\Ontrack
2010-04-06 17:36 . 2010-04-06 17:36 -------- d-----w- c:\program files\Runtime Software
2010-04-06 17:27 . 2010-04-06 17:27 -------- d-----w- c:\program files\EASEUS
2010-03-10 19:43 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 05:35 . 2008-03-23 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-08 05:35 . 2009-03-19 21:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2010-04-08 05:35 . 2010-02-06 03:22 -------- d-----w- c:\documents and settings\kris\Application Data\WTablet
2010-04-08 01:20 . 2006-12-02 02:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-08 01:20 . 2009-12-14 22:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-08 01:20 . 2006-11-29 07:36 -------- d-----w- c:\program files\iTunes
2010-04-08 01:20 . 2006-11-29 07:35 -------- d-----w- c:\program files\QuickTime
2010-04-08 00:38 . 2009-11-12 22:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-07 05:48 . 2009-10-19 00:21 491016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-07 05:45 . 2006-11-29 06:44 -------- d-----w- c:\documents and settings\kris\Application Data\uTorrent
2010-04-07 05:39 . 2009-09-17 02:18 -------- d-----w- c:\program files\TortoiseHg
2010-04-07 05:39 . 2006-11-29 06:30 -------- d-----w- c:\program files\uTorrent
2010-04-07 05:39 . 2008-08-03 19:30 -------- d-----w- c:\program files\Taskbar Shuffle
2010-04-06 20:06 . 2009-07-18 23:35 -------- d-----w- c:\documents and settings\kris\Application Data\Dropbox
2010-04-06 18:58 . 2006-11-22 08:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 16:52 . 2008-03-17 03:03 -------- d-----w- c:\documents and settings\kris\Application Data\JDiskReport
2010-04-01 06:20 . 2010-01-10 17:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\WTablet
2010-03-30 12:29 . 2008-01-25 03:21 -------- d-----w- c:\documents and settings\kris\Application Data\Skype
2010-03-30 11:00 . 2008-01-25 03:23 -------- d-----w- c:\documents and settings\kris\Application Data\skypePM
2010-03-11 23:27 . 2009-11-08 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-08 04:32 . 2010-03-08 04:32 -------- d-----w- c:\program files\GnuWin32
2010-02-27 02:11 . 2010-02-27 02:11 -------- d-----w- c:\program files\Pano2QTVR
2010-02-25 06:24 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:16 . 2009-12-14 22:27 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 01:44 . 2010-01-11 01:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2008-03-16 11:11 . 2008-03-16 11:11 14290 ----a-w- c:\program files\settings.dat
2009-11-08 04:15 . 2009-11-08 04:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-03-05 17:26 . 2006-12-03 06:55 88 --sh--r- c:\windows\system32\984610F2D7.sys
2007-01-03 02:17 . 2006-12-05 03:40 56 -csh--r- c:\windows\system32\D7F2104698.sys
2009-10-07 12:45 . 2006-12-03 06:55 4444 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

<pre>
c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray .exe
c:\program files\Adobe\Adobe Bridge CS4\bridge .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\cs4servicemanager .exe
c:\windows\system32\DLA\dlactrlw .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 18:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 21:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\kris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\kris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\kris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-08 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rwvhxpsgjnuim"="c:\windows\system32\nafltixnhyajfkv.dll" [N/A]
"P17Helper"="P17.dll" [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kris^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\kris\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kris^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\kris\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2009-12-03 16:04 3118344 ----a-w- c:\program files\TechSmith\Jing\jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
c:\program files\Trend Micro\Internet Security 2006\pccguide.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-08-15 09:00 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-02-17 18:58 1266936 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Shuffle]
2008-04-17 04:28 818176 ----a-w- c:\program files\Taskbar Shuffle\taskbarshuffle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TortoiseHgRpcServer]
2009-09-10 23:53 37376 ----a-w- c:\program files\TortoiseHg\thgtaskbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-11-08 17:43 289584 ----a-w- c:\program files\uTorrent\utorrent .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-03-03 23:05 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2008 5:25 PM 97928]
R1 MpKsl703cb013;MpKsl703cb013;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3276AC67-EAC4-47C9-AB4E-0D744DB72053}\MpKsl703cb013.sys [4/7/2010 10:27 PM 28880]
R1 MpKslb8107029;MpKslb8107029;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3276AC67-EAC4-47C9-AB4E-0D744DB72053}\MpKslb8107029.sys [4/8/2010 2:36 AM 28880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/11/2009 11:44 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 11:44 AM 66632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/5/2008 10:57 PM 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/5/2008 10:58 PM 27776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/28/2008 5:25 PM 231704]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [4/4/2008 10:59 PM 4718888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 11:44 AM 12872]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 9:37 AM 26624]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/14/2009 6:56 PM 16168]
S2 gupdate1c9b983e7870ed1;Google Update Service (gupdate1c9b983e7870ed1);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2009 11:27 PM 133104]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [11/6/2007 1:08 PM 12288]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [4/5/2008 10:58 PM 47552]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLB8107029

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-04 21:05]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac62a47ae67fe.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:27]

2010-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-04-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061122
uInternet Settings,ProxyServer = 128.220.231.2:3127
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
Trusted Zone: kstmedia.ca\www
DPF: {5283742E-A26D-4B6C-81A1-3111705D4C95} - hxxp://www.luratech.com/download/bin/jpmx.cab
FF - ProfilePath - c:\documents and settings\kris\Application Data\Mozilla\Firefox\Profiles\z1zm7ujx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.ca
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.ca/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\kris\Application Data\Mozilla\Firefox\Profiles\z1zm7ujx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{6a9b9952-373f-e47b-55bf-1e8865796182}\components\e75071df.dll
FF - plugin: c:\documents and settings\kris\Application Data\Mozilla\Firefox\Profiles\z1zm7ujx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\kris\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npi3dw7.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{d5d947e8-78d0-7ff7-2716-4227542173c5} - c:\windows\system32\73462098.dll
AddRemove-LGE PC Portal for N10 - c:\program files\LGE PC Portal\Inst.exe \U
AddRemove-SWF, Lock & Load_is1 - c:\program files\Vertical Moon\SWF
AddRemove-{0CD8A170-E470-11DB-3D6C-00D529464AE1} - c:\program files\Notation\Uninst_Notation Musician 2.3.1



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 02:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEFBAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ccf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9efb852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9dd7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9de4a21
SendHandler -> NDIS.sys @ 0xb9dc287b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1e,c3,6d,c1,bd,4b,7c,2a,7e,cc,90,83,12,b5,4d,44,0e,68,e6,b4,74,
0d,02,2e,11,c1,53,0d,6d,0f,22,12,a7,67,94,87,fa,b6,1e,22,0f,ad,81,46,b0,e3,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9c,7c,77,97,17,3d,87,4e,a5,5b,99,6b,ac,b7,0d,9f,9b,45,c6,a3,5a,
0e,56,7a,53,1f,61,09,08,55,59,4c,e3,1d,a1,02,64,44,d3,7f,bf,ab,1f,9c,b6,d0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1292)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\TortoiseHg\THgShell.dll
c:\documents and settings\kris\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\dllhost.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-08 02:52:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 05:52
ComboFix2.txt 2007-10-04 23:40

Pre-Run: 1,397,899,264 bytes free
Post-Run: 6,744,059,904 bytes free

- - End Of File - - B2649C13BB9C262ECA10D467B54D9401

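A ComboFix log of this length buries the few lines a helper actually reads first: autostart entries ComboFix printed no file date or size for (`[N/A]`), random-looking names under system32, the `<pre>` block of executables with a space before the extension, the `EnableFirewall= 0` line and the user-level `ProxyServer` setting. The script below is an added example, not part of krisbfunk's post and not ComboFix's own code; it pulls those signals out of a log so they can be checked by hand. The embedded sample is a constructed excerpt of the lines posted above, the `looks_random` thresholds are my own assumption, and every hit is a prompt to verify the file or setting, not a verdict on it.

```python
"""Triage a ComboFix-style log for the signals a forum helper checks first.

Added example, not ComboFix's own code and not from the post. It returns
findings for a human to verify; nothing here deletes or classifies anything.
"""
import ntpath
import re

# Constructed excerpt of the log posted above, trimmed so this runs offline.
SAMPLE_LOG = r"""
<pre>
c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl .exe
c:\program files\AVG\AVG8\avgtray .exe
</pre>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-08 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rwvhxpsgjnuim"="c:\windows\system32\nafltixnhyajfkv.dll" [N/A]
"P17Helper"="P17.dll" [2005-05-03 64512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uInternet Settings,ProxyServer = 128.220.231.2:3127
"""

# "name"="target" [date size]   or   "name"="target" [N/A]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
VOWELS = set("aeiou")


def looks_random(token, min_len=8):
    """Crude pronounceability test; the thresholds are my own (assumption).

    Flags a token of min_len or more letters with a run of five or more
    consonants, or a run of four plus a vowel share below 30 percent.
    'SUPERAntiSpyware' and 'Backblaze' pass; 'rwvhxpsgjnuim' and
    'nafltixnhyajfkv' fail. Expect false positives on short vendor names.
    """
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    vowel_share = sum(c in VOWELS for c in letters) / len(letters)
    return longest >= 5 or (longest >= 4 and vowel_share < 0.3)


def triage(log_text):
    """Return (category, detail) pairs worth checking by hand, in log order."""
    findings = []
    section = None
    in_pre = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "<pre>":
            in_pre = True
            continue
        if line == "</pre>":
            in_pre = False
            continue
        if in_pre:
            # ComboFix lists files whose name has a space before the extension
            # in this block; compare each with the same path without the space.
            if re.search(r"\s\.\w+$", line):
                findings.append(("spaced-extension file", line))
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = RUN_ENTRY.match(line)
        if m and section and section.lower().endswith("\\run"):
            name, target, meta = m.group("name", "target", "meta")
            where = f"{section}: {name} -> {target}"
            if meta.strip().upper() == "N/A":
                # ComboFix printed no date or size for the target file.
                findings.append(("autostart without file metadata", where))
            stem = ntpath.splitext(ntpath.basename(target))[0]
            if looks_random(name) or looks_random(stem):
                findings.append(("autostart with random-looking name", where))
            continue
        if section and "firewallpolicy" in section.lower() and re.match(r'"EnableFirewall"\s*=\s*0\b', line):
            findings.append(("windows firewall disabled", section))
            continue
        pm = re.match(r"uInternet Settings,ProxyServer\s*=\s*(\S+)", line)
        if pm:
            findings.append(("user proxy server configured", pm.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:40} {detail}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage` instead of `SAMPLE_LOG`. The `[N/A]` test is the strongest of the four signals here because it is ComboFix's own observation about the target; the name heuristic only orders the list for a human, which is why both the value name and the target's base name are checked and why legitimate entries such as `P17Helper` fall below the length floor.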
krisbfunk
2010-04-13, 01:15
Here is DDS & attach.zip


DDS (Ver_10-03-17.01) - NTFSx86
Run by kris at 19:11:35.99 on Mon 04/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1680 [GMT -3:00]

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\kris\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061122
uInternet Settings,ProxyServer = 128.220.231.2:3127
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [rwvhxpsgjnuim] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\nafltixnhyajfkv.dll"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
dRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1\exchan~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: kstmedia.ca\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {5283742E-A26D-4B6C-81A1-3111705D4C95} - hxxp://www.luratech.com/download/bin/jpmx.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180155401193
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.photogize.com/bponet/ImageUploader4.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kris\applic~1\mozilla\firefox\profiles\z1zm7ujx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.ca
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.ca/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\kris\application data\mozilla\firefox\profiles\z1zm7ujx.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\{6a9b9952-373f-e47b-55bf-1e8865796182}\components\e75071df.dll
FF - plugin: c:\documents and settings\kris\application data\mozilla\firefox\profiles\z1zm7ujx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\kris\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npi3dw7.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{6a9b9952-373f-e47b-55bf-1e8865796182}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-28 26824]
R1 MpKsl703cb013;MpKsl703cb013;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3276ac67-eac4-47c9-ab4e-0d744db72053}\mpksl703cb013.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3276ac67-eac4-47c9-ab4e-0d744db72053}\MpKsl703cb013.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-11 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 66632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-4-5 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-4-5 27776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-28 231704]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-15 54752]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-4-4 4718888]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 12872]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-14 16168]
S2 gupdate1c9b983e7870ed1;Google Update Service (gupdate1c9b983e7870ed1);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [2008-4-5 47552]

=============== Created Last 30 ================

2010-04-08 01:40:47 0 d-sha-r- C:\cmdcons
2010-04-08 01:39:00 77312 ----a-w- c:\windows\MBR.exe
2010-04-08 01:38:59 98816 ----a-w- c:\windows\sed.exe
2010-04-08 01:38:59 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 20:12:04 96704 ----a-w- c:\windows\system32\ffcdea6e.exe
2010-04-06 20:11:58 48287 ----a-w- c:\windows\system32\ypgeoxkwxiuawrp.exe
2010-04-06 19:56:02 14390 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-04-06 19:55:57 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-04-06 19:55:57 15360 ------w- c:\windows\system32\ctfmon.exe
2010-04-06 19:34:44 28672 ----a-w- c:\windows\Getdisk.exe
2010-04-06 19:34:43 0 d-----w- c:\windows\Recover Data for FAT & NTFS
2010-04-06 19:34:42 0 d-----w- c:\program files\Recover Data for FAT & NTFS
2010-04-06 19:28:51 0 d-----w- c:\program files\USB Flash Drive Data Recovery Software
2010-04-06 18:58:08 0 d-----w- c:\program files\Ontrack
2010-04-06 17:36:06 0 d-----w- c:\program files\Runtime Software
2010-04-06 17:27:14 0 d-----w- c:\program files\EASEUS
2010-03-15 06:18:49 3277 ----a-w- c:\windows\system32\wbem\Outlook_01cac407603ebe8f.mof

==================== Find3M ====================

2010-02-25 14:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-03-16 11:11:25 14290 ----a-w- c:\program files\settings.dat
2007-03-05 17:26:44 88 --sh--r- c:\windows\system32\984610F2D7.sys
2007-01-03 02:17:43 56 -csh--r- c:\windows\system32\D7F2104698.sys
2009-10-07 12:45:49 4444 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:13:26.41 ===============

Blade81
2010-04-13, 08:07
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:

Download a fresh copy of ComboFix to your desktop from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Run it & post back the report & a fresh DDS log.

tashi
2010-04-19, 22:13
krisbfunk this thread has been closed due to inactivity. As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

This applies only to the original poster; anyone else with similar problems, please start your own topic.


Thank you Blade81.