
I have no idea what I have



alex123
2010-04-29, 12:59
DDS log is as follows:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Craig at 5:37:23.32 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3571.1972 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Craig\AppData\Roaming\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.exe
C:\Users\Craig\AppData\Local\ave.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\ZSSnp211.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\System32\rundll32.exe
C:\Users\Craig\AppData\Local\Temp\sysmon64x.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Craig\AppData\Local\Temp\Digital Protection\digprot.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\taskeng.exe
C:\Users\Craig\AppData\Local\Temp\dirC985\wm.exe
C:\Users\Craig\AppData\Local\Temp\dirC9C5\wmha.exe
C:\Windows\system32\DllHost.exe
C:\Users\Craig\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\craig\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [sysmon64x.exe] c:\users\craig\appdata\local\temp\sysmon64x.exe
uRun: [Digital Protection] "c:\users\craig\appdata\local\temp\digital protection\digprot.exe" -noscan
uRun: [novavapp] c:\users\craig\appdata\roaming\microsoft\internet explorer\novavappq.exe
uRun: [novavappr] c:\users\craig\appdata\roaming\microsoft\internet explorer\novavapps.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager - lamannia\TurbineDownloadManagerIcon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZSSnp211] c:\windows\ZSSnp211.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [tidadepije] Rundll32.exe "c:\programdata\jakonehu\jakonehu.dll",s
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registrationa1\RegistrationReminder.exe
StartupFolder: c:\users\craig\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\users\craig\appdata\roaming\mozilla\firefox\profiles\3chcccup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://welcometointernet.org/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\ksolo\npAVX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\craig\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\craig\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\craig\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\firefox\profiles\3chcccup.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_820ff26a\AEstSrv.exe [2009-8-10 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-4-9 447264]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-7 583640]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-4-10 77824]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-13 2440120]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-8-11 46824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-10 29736]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-8-10 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-8-10 224384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-14 102448]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-25 3666432]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-8-10 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-8-10 280096]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [2009-5-13 23888]
S4 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-8-10 45056]
S4 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-8-10 48640]
S4 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-8-10 38400]

============== File Associations ===============

regfile="regedit.exe" "%1"
.exe=secfile

=============== Created Last 30 ================

2010-04-29 09:34:30 0 ----a-w- c:\users\craig\appdata\roaming\extra1.dat
2010-04-29 09:31:22 1048 ----a-w- c:\programdata\fiosejgfse.dll
2010-04-29 09:24:46 0 d-----w- c:\users\craig\appdata\roaming\scdata
2010-04-29 09:14:03 34816 ----a-w- c:\users\craig\appdata\roaming\alggui.exe
2010-04-29 09:14:02 36 ----a-w- c:\users\craig\appdata\roaming\skynet.dat
2010-04-29 09:14:02 3 ----a-w- c:\users\craig\appdata\roaming\wp3.dat
2010-04-29 09:14:01 80 ----a-w- c:\users\craig\appdata\roaming\wp4.dat
2010-04-29 09:14:01 28672 ----a-w- c:\users\craig\appdata\roaming\svchost.exe
2010-04-29 09:13:41 0 d-----w- c:\users\craig\appdata\roaming\AKM Antivirus 2010 Pro
2010-04-29 09:13:20 1047552 ----a-w- c:\users\craig\appdata\roaming\wpp.exe
2010-04-29 09:13:06 0 d-----w- c:\programdata\teruvobi
2010-04-29 09:13:06 0 d-----w- c:\programdata\fimukoto
2010-04-29 09:13:05 0 d-----w- c:\programdata\mukesiwu
2010-04-29 09:13:05 0 d-----w- c:\programdata\gifumuya
2010-04-29 09:08:00 0 d-----w- c:\programdata\risozope
2010-04-29 09:08:00 0 d-----w- c:\programdata\lowagaje
2010-04-29 09:08:00 0 d-----w- c:\programdata\jakonehu
2010-04-26 09:55:06 547 ------w- c:\windows\hpomdl30.dat
2010-04-26 09:55:06 150681 ----a-w- c:\windows\hpoins30.dat
2010-04-26 09:51:57 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-04-26 09:51:57 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-04-26 09:51:56 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-04-26 01:53:54 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-04-26 01:50:25 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-26 01:50:24 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-04-22 18:50:15 191359 ----a-w- c:\users\craig\prettteh.jpg
2010-04-22 17:06:39 40693 ----a-w- c:\users\craig\the vizier.jpg
2010-04-22 03:19:45 131246 ----a-w- c:\users\craig\24483_1174700427703_1833867988_332686_3597772_n_1_.jpg
2010-04-20 01:16:20 584728 ----a-w- c:\users\craig\sexy tic tacs.jpg
2010-04-19 04:52:09 0 d-----w- c:\program files\kSolo
2010-04-17 22:56:56 0 ----a-w- C:\t1is.1
2010-04-14 16:46:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:46:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 16:46:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:46:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 16:46:18 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 16:46:13 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:46:04 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 16:46:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 16:45:51 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 16:45:50 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 16:45:50 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 16:43:38 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:42:55 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 07:57:03 154029 ----a-w- c:\users\craig\burnt-rice.jpg
2010-04-13 16:31:53 47543 ----a-w- c:\users\craig\seeker of dream.jpg
2010-04-12 08:39:06 65536 --sha-w- c:\users\craig\ntuser.dat{0262bdeb-460e-11df-857f-f55f4f675c76}.TM.blf
2010-04-12 08:39:06 524288 --sha-w- c:\users\craig\ntuser.dat{0262bdeb-460e-11df-857f-f55f4f675c76}.TMContainer00000000000000000002.regtrans-ms
2010-04-12 08:39:06 524288 --sha-w- c:\users\craig\ntuser.dat{0262bdeb-460e-11df-857f-f55f4f675c76}.TMContainer00000000000000000001.regtrans-ms
2010-04-12 07:37:11 0 d-----w- C:\Wave Systems Corp
2010-04-12 07:36:59 0 d-----w- C:\acccore

==================== Find3M ====================

2010-04-29 09:18:54 203448 ----a-w- c:\programdata\nvModes.dat
2010-04-26 09:58:25 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-26 09:58:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-26 09:58:25 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 03:51:24 163428 ----a-w- c:\windows\hphins33.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 05:14:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-28 02:20:10 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 13:13:19 475136 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 09:01:40 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-10 11:39:18 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:38:52.20 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 8/9/2009 11:53:05 PM
System Uptime: 4/29/2010 5:16:10 AM (0 hours ago)

Motherboard: Dell Inc. | | 0X564R
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 800/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 231 GiB total, 121.452 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.123 GiB free.
E: is CDROM (CDFS)
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0039
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0039
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
AAC Decoder
Able2Doc v5.0
Adobe AIR
Adobe Anchor Service CS4
Adobe CSI CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Update Manager CS4
AIM 7
Akamai NetSession Interface
All Day Battery Life Configuration
Ambient Light Sensor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Autodesk Backburner 2008.1
AutoUpdate
AVS Audio Editor version 5.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BioAPI Framework
biolsp patch
BlueJ 2.5.3
Bonjour
Broadcom USH Host Components
BufferChm
C4580
Command & Conquer Generals
Connect
Copy
Counter-Strike: Source
D1600
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Driver Download Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Getting Started Guide
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Destination Component
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DJ_SF_06_D1600_SW_Min
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Talk Plugin
GPBaseService2
H.264 Decoder
Heroes of Might and Magic V - Tribes of the East
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
HP Photosmart Essential 3.5
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Integrated Webcam Driver (1.06.03.0309)
Intel PROSet Wireless
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel(R) PROSet/Wireless WiFi API
Intel(R) PROSet/Wireless WiFi Driver
Intel® Matrix Storage Manager
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
Junk Mail filter update
kSolo Recorder
kuler
League of Legends
LiveUpdate 3.3 (Symantec Corporation)
MarketResearch
Mathcad 14.0 M020
Mathcad 14.0 M020 Resource Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Might and Magic® VII
MKV Splitter
Move Media Player
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton Security Scan
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX v8.10.29
Oblivion
OpenRPG
Pando Media Booster
PowerDVD DX
Preboot Manager
Private Information Manager
PS_AIO_04_C4580_Software_Min
PunkBuster Services
QuickTime
Registry Mechanic 9.0
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Wizards
Shop for HP Supplies
SmartWebPrinting
SO32MMWrapper
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Steam
Suite Shared Configuration CS4
Symantec Endpoint Protection
Toolbox
TrayApp
Trusted Drive Manager
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
USb Missile Launcher
USB PC Camera(ZS0211)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Ventrilo Server
VirtualCloneDrive
Visual C++ 8.0 ATL (x86) WinSXS MSM
Wave Infrastructure Installer
Wave Support Software
WavePad Sound Editor
WebReg
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Xobni
Xobni Core
Yahoo! BrowserPlus

==== End Of File ===========================

ken545
2010-04-30, 20:38
Hello Alex

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Before we begin we need to check if there is a rootkit present.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next:

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.



To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

alex123
2010-05-03, 08:19
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 01:17:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Craig\AppData\Local\Temp\aglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT 89374500 ZwAlertResumeThread
SSDT 893745E0 ZwAlertThread
SSDT 891E71E0 ZwAllocateVirtualMemory
SSDT 891942A0 ZwConnectPort
SSDT 89374150 ZwCreateMutant
SSDT 891E7338 ZwCreateThread
SSDT 891E6F80 ZwFreeVirtualMemory
SSDT 893742C0 ZwImpersonateAnonymousToken
SSDT 893743A0 ZwImpersonateThread
SSDT 891E6EA0 ZwMapViewOfSection
SSDT 89374070 ZwOpenEvent
SSDT 891E67C8 ZwOpenProcessToken
SSDT 89372008 ZwOpenThreadToken
SSDT 89372430 ZwResumeThread
SSDT 89372370 ZwSetContextThread
SSDT 891E6CD0 ZwSetInformationProcess
SSDT 89372280 ZwSetInformationThread
SSDT 891E5CE8 ZwSuspendProcess
SSDT 893720C0 ZwSuspendThread
SSDT 8919EA98 ZwTerminateProcess
SSDT 893721A0 ZwTerminateThread
SSDT 891E6DC0 ZwUnmapViewOfSection
SSDT 891E7110 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820F3880 8 Bytes [00, 45, 37, 89, E0, 45, 37, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820F3894 4 Bytes [E0, 71, 1E, 89]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820F3924 4 Bytes [A0, 42, 19, 89]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820F3958 4 Bytes [50, 41, 37, 89]
.text ntkrnlpa.exe!KeSetEvent + 221 820F3984 4 Bytes [38, 73, 1E, 89]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556dc7167
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556dc7167 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid 65536 bytes

---- EOF - GMER 1.0.15 ----

ken545
2010-05-03, 11:44
Good Morning,

No rootkit that I can see :bigthumb:


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

alex123
2010-05-03, 13:30
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/3/2010 6:28:08 AM
mbam-log-2010-05-03 (06-28-08).txt

Scan type: Quick scan
Objects scanned: 148865
Time elapsed: 19 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 130

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AKM Antivirus 2010 Pro (Rogue.AKMAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmon64x.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tidadepije (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Craig\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Craig\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Craig\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AKM Antivirus 2010 Pro (Rogue.AKMAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Craig\AppData\Local\Temp\E9F1.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\F5B5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA138.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3ed4.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA6fb3.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAbff5.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\TMPE926.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\topwesitjh (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\maosnwcrex.exe (Trojan.Sshnas) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA71f4.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA72a0.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA72cf.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA79d1.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA7c50.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA7e73.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA8297.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA83a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA83df.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA84a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA8871.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA897a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA898.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA8c86.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA8ddd.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA953d.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA9636.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA96c3.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA9971.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA99df.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA9f3b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAa054.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAa3fc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAa68b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAa7b4.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAab3d.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAac36.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAac46.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAb099.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAb2ea.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAb692.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAb818.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAba2b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAbae6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA13fd.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA163e.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA17c4.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA1822.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA1e4a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA200e.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA207b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA2211.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA25e8.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA26d2.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA2710.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA2896.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA2922.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA2fc7.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3072.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA32a4.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3459.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3784.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3b7a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3c16.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA3e38.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAc033.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAc523.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAc7c1.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAcba8.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAd133.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAd327.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAd597.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAd7f7.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAd8e1.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAda96.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAdb70.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAe13a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAe282.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAe5bd.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAe697.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAec0.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAed99.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAef9c.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf057.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf269.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf373.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf4c.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf66f.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf872.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf9a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAf9b9.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAfa46.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMAfee7.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA4328.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA4624.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA495f.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA49cc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA4cc8.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA4d07.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA517a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA52e0.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA5418.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA5438.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA57c.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA58ca.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA5bd6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA5e65.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA5ea3.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA601a.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA6190.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA6410.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA690f.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\PRAGMA6a18.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\Digital Protection\digext.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Local\Temp\Digital Protection\Uninstall.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Craig\downloads\setup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Craig\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.lnk (Rogue.AKMAntivirus) -> Quarantined and deleted successfully.
C:\Users\Craig\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
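The registry items MBAM lists above form one pattern rather than five unrelated hits: the .exe extension was re-pointed from the stock exefile ProgID to a rogue secfile ProgID whose open command ran the rogue, the Start Menu browser launchers were wrapped by ave.exe out of the user's AppData folder, and autostarts were added under Run and the Startup folder. The read-only PowerShell check below is an added example for this thread, not code from the poster, from Malwarebytes or from ComboFix. The "expected" values are the ones MBAM prints as "Good:"; the profile-path heuristic in steps 4 and 5 is this example's own assumption, modelled on the ave.exe and sysmon64x.exe entries, and only reports entries for a human to review.

```powershell
# Added example (not part of the thread): read-only triage of the hijack
# pattern the MBAM log reports. Reads the registry and reports; changes nothing.
# Run in an elevated PowerShell so HKLM and the merged HKCR view are readable.

function Get-DefaultValue {
    param([string]$KeyPath)   # e.g. 'HKEY_CLASSES_ROOT\.exe'
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return [string]$key.GetValue('')   # '' selects the key's (default) value
}

function Test-LaunchHijack {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The .exe extension should map to the 'exefile' ProgID. In the log it
    #    pointed at 'secfile', a ProgID the rogue created to intercept launches.
    $progId = Get-DefaultValue 'HKEY_CLASSES_ROOT\.exe'
    if ($progId -ne 'exefile') {
        $findings.Add("HKCR\.exe default is '$progId' (expected 'exefile')")
    }

    # 2. Whatever ProgID .exe maps to, its open command should be the stock
    #    "%1" %* ; any other value means every .exe launch runs through it.
    if ($progId) {
        $cmd = Get-DefaultValue "HKEY_CLASSES_ROOT\$progId\shell\open\command"
        if ($cmd -ne '"%1" %*') {
            $findings.Add('HKCR\' + $progId + '\shell\open\command is ' + $cmd + ' (expected "%1" %*)')
        }
    }

    # 3. .reg files: stock value is  regedit.exe "%1"  (the log shows the
    #    quoted variant MBAM flags as Broken.OpenCommand).
    $regCmd = Get-DefaultValue 'HKEY_CLASSES_ROOT\regfile\shell\open\command'
    if ($regCmd -ne 'regedit.exe "%1"') {
        $findings.Add('HKCR\regfile\shell\open\command is ' + $regCmd + ' (expected regedit.exe "%1")')
    }

    # 4. Start Menu browser launchers. The clean command is the browser's own
    #    install path, so there is no single expected string; as a heuristic
    #    (this example's assumption, modelled on the ave.exe entry in the log)
    #    flag any launcher that runs something out of a user profile.
    $clients = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet'
    Get-ChildItem -LiteralPath $clients -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($verb in 'open', 'safemode') {
            $launch = Get-DefaultValue "$($_.Name)\shell\$verb\command"
            if ($launch -and $launch -match '\\Users\\[^\\]+\\AppData\\') {
                $findings.Add("$($_.PSChildName) $verb command runs from a user profile: $launch")
            }
        }
    }

    # 5. Run keys (the log shows sysmon64x.exe under HKCU Run). Same
    #    heuristic: autostarts launched from AppData or Temp are reported for
    #    review, since legitimate updaters also live there.
    foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
        $runKey = Get-Item -LiteralPath "Registry::$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
        if ($null -eq $runKey) { continue }
        foreach ($name in $runKey.GetValueNames()) {
            $value = [string]$runKey.GetValue($name)
            if ($value -match '\\AppData\\|\\Temp\\') {
                $findings.Add("$hive Run\$name = $value (review)")
            }
        }
    }

    return $findings
}

$result = Test-LaunchHijack
if ($result.Count -eq 0) { 'No file-association or launcher hijack indicators found.' }
else { $result }
```

Reading HKEY_CLASSES_ROOT rather than HKLM\SOFTWARE\Classes directly matters: HKCR is the merged view of the machine and per-user Classes keys, and the per-user half is where a rogue running without admin rights can plant a secfile ProgID that the loader will honour, which is exactly what lets the fake-AV block every other .exe from starting.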

ken545
2010-05-03, 14:09
Hello Alex,

You were infected by a couple of rogue programs; there could be more that have to be removed.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

alex123
2010-05-03, 15:04
ComboFix 10-05-02.03 - Craig 05/03/2010 7:43.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3571.1899 [GMT -4:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-655683987-928240968-4200487773-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Craig\AppData\Local\Microsoft\Windows\Temporary Internet Files\32RJ6I0t.jpg
c:\users\Craig\AppData\Local\Microsoft\Windows\Temporary Internet Files\bnJ6bkS2h.jpg
c:\users\Craig\AppData\Local\Microsoft\Windows\Temporary Internet Files\G0f3tW.jpg
c:\users\Craig\AppData\Local\Microsoft\Windows\Temporary Internet Files\tE1nLI.jpg

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 11:57 . 2010-05-03 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-03 11:32 . 2010-05-03 11:32 388096 ----a-r- c:\users\Craig\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-03 11:32 . 2010-05-03 11:32 -------- d-----w- c:\program files\Trend Micro
2010-05-03 10:46 . 2010-05-03 10:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-03 10:36 . 2010-05-03 10:36 253952 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ccsm.exe
2010-05-03 10:36 . 2010-05-03 10:36 315392 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ccsr.exe
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
2010-05-03 10:05 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\programdata\Malwarebytes
2010-05-03 10:05 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 01:28 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\navex32a.dll
2010-05-03 01:28 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\navex15.sys
2010-05-03 01:28 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\naveng.sys
2010-05-03 01:28 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\eeCtrl.sys
2010-05-03 01:28 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\cceraser.dll
2010-05-03 01:28 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\ecmsvr32.dll
2010-05-03 01:28 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\naveng32.dll
2010-05-03 01:28 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\ERASER.sys
2010-05-02 02:27 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\naveng.sys
2010-05-02 02:27 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\eeCtrl.sys
2010-05-02 02:27 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\ecmsvr32.dll
2010-05-02 02:27 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\naveng32.dll
2010-05-02 02:27 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\navex32a.dll
2010-05-02 02:27 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\navex15.sys
2010-05-02 02:27 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\ERASER.sys
2010-05-02 02:27 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\cceraser.dll
2010-04-29 18:24 . 2010-05-03 10:47 -------- d-----w- c:\users\Craig\Tracing
2010-04-29 18:04 . 2009-03-08 18:09 638816 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\iexplore.exe
2010-04-29 18:04 . 2009-03-08 08:33 246784 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ieproxy.dll
2010-04-29 18:04 . 2010-04-29 18:04 398514 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\sfx.exe
2010-04-29 10:06 . 2010-04-29 10:06 -------- d-----w- c:\program files\ERUNT
2010-04-29 09:24 . 2010-04-29 21:56 150576 ----a-w- c:\users\Craig\AppData\Roaming\scdata\dbsinit.exe
2010-04-29 09:24 . 2010-04-29 21:56 -------- d-----w- c:\users\Craig\AppData\Roaming\scdata
2010-04-29 09:14 . 2010-04-29 21:23 34816 ----a-w- c:\users\Craig\AppData\Roaming\alggui.exe
2010-04-29 09:13 . 2010-04-30 10:31 -------- d-----w- c:\users\Craig\AppData\Roaming\AKM Antivirus 2010 Pro
2010-04-29 09:13 . 2010-04-29 09:13 -------- d-----w- c:\programdata\fimukoto
2010-04-29 09:13 . 2010-04-29 09:13 -------- d-----w- c:\programdata\teruvobi
2010-04-29 09:13 . 2010-04-29 09:13 -------- d-----w- c:\programdata\mukesiwu
2010-04-29 09:13 . 2010-04-29 09:13 -------- d-----w- c:\programdata\gifumuya
2010-04-29 09:08 . 2010-04-29 20:54 -------- d-----w- c:\programdata\jakonehu
2010-04-29 09:08 . 2010-04-29 09:08 -------- d-----w- c:\programdata\risozope
2010-04-29 09:08 . 2010-04-29 09:08 -------- d-----w- c:\programdata\lowagaje
2010-04-26 09:57 . 2010-04-26 09:57 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-26 09:55 . 2010-04-26 10:06 150681 ----a-w- c:\windows\hpoins30.dat
2010-04-26 09:55 . 2008-12-06 02:52 547 ------w- c:\windows\hpomdl30.dat
2010-04-26 09:51 . 2008-10-24 17:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-04-26 09:51 . 2008-10-24 17:34 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-04-26 09:51 . 2008-10-24 17:34 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-04-26 01:58 . 2008-10-24 15:48 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-04-26 01:53 . 2008-10-24 15:48 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-04-26 01:50 . 2008-10-24 17:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-26 01:50 . 2008-10-24 17:34 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-19 08:38 . 2010-04-19 08:38 -------- d-----w- c:\windows\Sun
2010-04-19 04:52 . 2010-04-19 04:52 -------- d-----w- c:\program files\kSolo
2010-04-14 16:46 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 16:46 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:46 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:46 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 16:46 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 16:46 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:45 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 16:45 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 16:45 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 16:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:42 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 08:24 . 2010-04-12 08:24 -------- d-----w- c:\users\Default\AppData\Local\Symantec
2010-04-12 07:37 . 2010-04-12 07:37 -------- d-----w- C:\Wave Systems Corp
2010-04-12 07:36 . 2010-04-12 07:37 -------- d-----w- C:\acccore
2010-04-08 16:13 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG.SYS
2010-04-08 16:13 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX15.SYS
2010-04-08 16:13 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ECMSVR32.DLL
2010-04-08 16:13 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\EECTRL.SYS
2010-04-08 16:13 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ERASER.SYS
2010-04-08 16:13 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG32.DLL
2010-04-08 16:13 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX32A.DLL
2010-04-08 16:13 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\CCERASER.DLL
2010-04-08 02:08 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVEX15.SYS
2010-04-08 02:08 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVENG32.DLL
2010-04-08 02:08 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVEX32A.DLL
2010-04-08 02:08 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVENG.SYS
2010-04-08 02:08 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\CCERASER.DLL
2010-04-08 02:08 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\ECMSVR32.DLL
2010-04-08 02:08 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\EECTRL.SYS
2010-04-08 02:08 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\ERASER.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 11:44 . 2009-12-06 11:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-03 10:48 . 2010-01-21 05:22 -------- d-----w- c:\program files\Common Files\Steam
2010-05-03 10:48 . 2010-01-21 05:22 -------- d-----w- c:\program files\Steam
2010-05-03 10:46 . 2009-08-24 13:08 0 ----a-w- c:\users\Craig\AppData\Local\WavXMapDrive.bat
2010-05-03 10:45 . 2009-08-24 15:56 203448 ----a-w- c:\programdata\nvModes.dat
2010-05-03 10:42 . 2009-08-10 09:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-29 22:29 . 2010-04-29 09:14 3 ----a-w- c:\users\Craig\AppData\Roaming\wp3.dat
2010-04-29 22:29 . 2010-04-29 09:14 80 ----a-w- c:\users\Craig\AppData\Roaming\wp4.dat
2010-04-29 09:34 . 2010-04-29 09:34 0 ----a-w- c:\users\Craig\AppData\Roaming\extra1.dat
2010-04-29 09:14 . 2010-04-29 09:14 36 ----a-w- c:\users\Craig\AppData\Roaming\skynet.dat
2010-04-26 10:08 . 2010-03-09 03:51 -------- d-----w- c:\users\Craig\AppData\Roaming\HP
2010-04-14 21:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 21:21 . 2009-08-24 14:09 -------- d-----w- c:\programdata\Microsoft Help
2010-03-29 08:00 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2010-03-29 08:00 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2010-03-29 08:00 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2010-03-29 08:00 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2010-03-29 08:00 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2010-03-29 08:00 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2010-03-29 08:00 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2010-03-29 08:00 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2010-03-14 09:19 . 2010-03-14 09:19 -------- d-----w- c:\programdata\AirportMania
2010-03-14 09:18 . 2010-03-14 09:18 -------- d-----w- c:\program files\ReflexiveArcade
2010-03-14 01:46 . 2010-03-14 01:46 -------- d-----w- c:\programdata\McAfee
2010-03-12 03:14 . 2009-10-24 23:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-12 03:13 . 2009-10-24 23:32 38784 ----a-w- c:\users\Craig\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-12 03:13 . 2009-10-24 23:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-11 18:24 . 2009-08-24 13:08 102376 ----a-w- c:\users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 03:51 . 2010-03-09 03:16 -------- d-----w- c:\programdata\HP
2010-03-09 03:51 . 2010-03-09 03:51 -------- d-----w- c:\programdata\WEBREG
2010-03-09 03:51 . 2010-03-09 03:17 163428 ----a-w- c:\windows\hphins33.dat
2010-03-09 03:42 . 2010-03-09 03:21 -------- d-----w- c:\program files\HP
2010-03-09 03:41 . 2010-03-09 03:41 -------- d-----w- c:\program files\Common Files\HP
2010-03-09 03:37 . 2010-03-09 03:37 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-09 03:30 . 2010-03-09 03:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-07 04:05 . 2010-03-07 04:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-05 04:18 . 2010-03-05 04:17 -------- d-----w- c:\users\Craig\AppData\Roaming\FOG Downloader
2010-02-24 14:16 . 2009-10-02 21:25 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 15:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 15:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 15:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 15:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 09:15 . 2010-01-22 20:43 680 ----a-w- c:\users\Craig\AppData\Local\d3d9caps.dat
2009-08-10 11:39 . 2009-04-11 19:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-29 133104]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-27 1238352]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-23 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 134144]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-04-10 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-27 483428]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-13 115560]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1094944]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1d,1a,15,df,c2,24,ca,01

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-05-13 23888]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 XDva326;XDva326;c:\windows\system32\XDva326.sys [x]
R4 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-04-03 45056]
R4 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-04-03 48640]
R4 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-04-03 38400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [2009-04-27 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-04-09 447264]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-04-10 77824]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-11-13 46824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-10 29736]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2009-04-16 32808]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-02-23 224384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-30 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-30 280096]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 02:13]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 02:13]

2010-05-02 c:\windows\Tasks\Norton Security Scan for Craig.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\3chcccup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://welcometointernet.org/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Craig\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Craig\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\3chcccup.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 07:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-03 08:02:49
ComboFix-quarantined-files.txt 2010-05-03 12:02

Pre-Run: 130,047,754,240 bytes free
Post-Run: 132,261,232,640 bytes free

- - End Of File - - 6187439E748D9A93293399BDAEFBFCE2


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:42 AM, on 5/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 14461 bytes

ken545
2010-05-03, 15:28
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Collect::




Collect::
c:\users\Craig\AppData\Roaming\wp3.dat
c:\users\Craig\AppData\Roaming\wp4.dat
c:\users\Craig\AppData\Roaming\extra1.dat
c:\users\Craig\AppData\Roaming\skynet.dat
c:\users\Craig\AppData\Roaming\alggui.exe


Folder::
c:\programdata\fimukoto
c:\programdata\teruvobi
c:\programdata\mukesiwu
c:\programdata\gifumuya
c:\programdata\jakonehu
c:\programdata\risozope
c:\programdata\lowagaje
c:\users\Craig\AppData\Roaming\scdata\dbsinit.exe
c:\users\Craig\AppData\Roaming\AKM Antivirus 2010 Pro


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

alex123
2010-05-03, 16:21
ComboFix 10-05-02.03 - Craig 05/03/2010 8:50.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3571.1730 [GMT -4:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
Command switches used :: c:\users\Craig\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\Craig\AppData\Roaming\alggui.exe
file zipped: c:\users\Craig\AppData\Roaming\extra1.dat
file zipped: c:\users\Craig\AppData\Roaming\skynet.dat
file zipped: c:\users\Craig\AppData\Roaming\wp3.dat
file zipped: c:\users\Craig\AppData\Roaming\wp4.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\fimukoto
c:\programdata\gifumuya
c:\programdata\gifumuya\gifumuya.exe
c:\programdata\jakonehu
c:\programdata\lowagaje
c:\programdata\mukesiwu
c:\programdata\mukesiwu\mukesiwu.exe
c:\programdata\risozope
c:\programdata\teruvobi
c:\users\Craig\AppData\Roaming\AKM Antivirus 2010 Pro
c:\users\Craig\AppData\Roaming\alggui.exe
c:\users\Craig\AppData\Roaming\extra1.dat
c:\users\Craig\AppData\Roaming\skynet.dat
c:\users\Craig\AppData\Roaming\wp3.dat
c:\users\Craig\AppData\Roaming\wp4.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 13:11 . 2010-05-03 13:11 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-05-03 13:11 . 2010-05-03 13:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-03 13:11 . 2010-05-03 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-03 11:32 . 2010-05-03 11:32 388096 ----a-r- c:\users\Craig\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-03 11:32 . 2010-05-03 11:32 -------- d-----w- c:\program files\Trend Micro
2010-05-03 10:46 . 2010-05-03 10:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-03 10:36 . 2010-05-03 10:36 253952 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ccsm.exe
2010-05-03 10:36 . 2010-05-03 10:36 315392 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ccsr.exe
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
2010-05-03 10:05 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 10:05 . 2010-05-03 10:05 -------- d-----w- c:\programdata\Malwarebytes
2010-05-03 10:05 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 01:28 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\navex32a.dll
2010-05-03 01:28 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\navex15.sys
2010-05-03 01:28 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\naveng.sys
2010-05-03 01:28 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\eeCtrl.sys
2010-05-03 01:28 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\cceraser.dll
2010-05-03 01:28 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\ecmsvr32.dll
2010-05-03 01:28 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\naveng32.dll
2010-05-03 01:28 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100502.020\ERASER.sys
2010-05-02 02:27 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\naveng.sys
2010-05-02 02:27 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\eeCtrl.sys
2010-05-02 02:27 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\ecmsvr32.dll
2010-05-02 02:27 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\naveng32.dll
2010-05-02 02:27 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\navex32a.dll
2010-05-02 02:27 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\navex15.sys
2010-05-02 02:27 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\ERASER.sys
2010-05-02 02:27 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100501.018\cceraser.dll
2010-04-29 18:24 . 2010-05-03 10:47 -------- d-----w- c:\users\Craig\Tracing
2010-04-29 18:04 . 2009-03-08 18:09 638816 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\iexplore.exe
2010-04-29 18:04 . 2009-03-08 08:33 246784 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ieproxy.dll
2010-04-29 18:04 . 2010-04-29 18:04 398514 ----a-w- c:\users\Craig\AppData\Roaming\Microsoft\Internet Explorer\sfx.exe
2010-04-29 10:06 . 2010-04-29 10:06 -------- d-----w- c:\program files\ERUNT
2010-04-29 09:24 . 2010-04-29 21:56 150576 ----a-w- c:\users\Craig\AppData\Roaming\scdata\dbsinit.exe
2010-04-29 09:24 . 2010-04-29 21:56 -------- d-----w- c:\users\Craig\AppData\Roaming\scdata
2010-04-26 09:57 . 2010-04-26 09:57 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-26 09:55 . 2010-04-26 10:06 150681 ----a-w- c:\windows\hpoins30.dat
2010-04-26 09:55 . 2008-12-06 02:52 547 ------w- c:\windows\hpomdl30.dat
2010-04-26 09:51 . 2008-10-24 17:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-04-26 09:51 . 2008-10-24 17:34 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-04-26 09:51 . 2008-10-24 17:34 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-04-26 01:58 . 2008-10-24 15:48 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-04-26 01:53 . 2008-10-24 15:48 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-04-26 01:50 . 2008-10-24 17:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-26 01:50 . 2008-10-24 17:34 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-19 08:38 . 2010-04-19 08:38 -------- d-----w- c:\windows\Sun
2010-04-19 04:52 . 2010-04-19 04:52 -------- d-----w- c:\program files\kSolo
2010-04-14 16:46 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 16:46 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:46 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:46 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 16:46 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 16:46 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:45 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 16:45 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 16:45 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 16:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:42 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 08:24 . 2010-04-12 08:24 -------- d-----w- c:\users\Default\AppData\Local\Symantec
2010-04-12 07:37 . 2010-04-12 07:37 -------- d-----w- C:\Wave Systems Corp
2010-04-12 07:36 . 2010-04-12 07:37 -------- d-----w- C:\acccore
2010-04-08 16:13 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG.SYS
2010-04-08 16:13 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX15.SYS
2010-04-08 16:13 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ECMSVR32.DLL
2010-04-08 16:13 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\EECTRL.SYS
2010-04-08 16:13 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ERASER.SYS
2010-04-08 16:13 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG32.DLL
2010-04-08 16:13 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX32A.DLL
2010-04-08 16:13 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\CCERASER.DLL
2010-04-08 02:08 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVEX15.SYS
2010-04-08 02:08 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVENG32.DLL
2010-04-08 02:08 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVEX32A.DLL
2010-04-08 02:08 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\NAVENG.SYS
2010-04-08 02:08 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\CCERASER.DLL
2010-04-08 02:08 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\ECMSVR32.DLL
2010-04-08 02:08 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\EECTRL.SYS
2010-04-08 02:08 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100407.033\ERASER.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 13:12 . 2009-12-06 11:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-03 10:48 . 2010-01-21 05:22 -------- d-----w- c:\program files\Common Files\Steam
2010-05-03 10:48 . 2010-01-21 05:22 -------- d-----w- c:\program files\Steam
2010-05-03 10:46 . 2009-08-24 13:08 0 ----a-w- c:\users\Craig\AppData\Local\WavXMapDrive.bat
2010-05-03 10:45 . 2009-08-24 15:56 203448 ----a-w- c:\programdata\nvModes.dat
2010-05-03 10:42 . 2009-08-10 09:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-26 10:08 . 2010-03-09 03:51 -------- d-----w- c:\users\Craig\AppData\Roaming\HP
2010-04-14 21:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 21:21 . 2009-08-24 14:09 -------- d-----w- c:\programdata\Microsoft Help
2010-03-29 08:00 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2010-03-29 08:00 . 2010-03-29 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2010-03-29 08:00 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2010-03-29 08:00 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2010-03-29 08:00 . 2010-03-29 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2010-03-29 08:00 . 2010-03-29 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2010-03-29 08:00 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2010-03-29 08:00 . 2010-03-29 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2010-03-14 09:19 . 2010-03-14 09:19 -------- d-----w- c:\programdata\AirportMania
2010-03-14 09:18 . 2010-03-14 09:18 -------- d-----w- c:\program files\ReflexiveArcade
2010-03-14 01:46 . 2010-03-14 01:46 -------- d-----w- c:\programdata\McAfee
2010-03-12 03:14 . 2009-10-24 23:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-12 03:13 . 2009-10-24 23:32 38784 ----a-w- c:\users\Craig\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-12 03:13 . 2009-10-24 23:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-11 18:24 . 2009-08-24 13:08 102376 ----a-w- c:\users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 03:51 . 2010-03-09 03:16 -------- d-----w- c:\programdata\HP
2010-03-09 03:51 . 2010-03-09 03:51 -------- d-----w- c:\programdata\WEBREG
2010-03-09 03:51 . 2010-03-09 03:17 163428 ----a-w- c:\windows\hphins33.dat
2010-03-09 03:42 . 2010-03-09 03:21 -------- d-----w- c:\program files\HP
2010-03-09 03:41 . 2010-03-09 03:41 -------- d-----w- c:\program files\Common Files\HP
2010-03-09 03:37 . 2010-03-09 03:37 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-09 03:30 . 2010-03-09 03:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-07 04:05 . 2010-03-07 04:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-05 04:18 . 2010-03-05 04:17 -------- d-----w- c:\users\Craig\AppData\Roaming\FOG Downloader
2010-02-24 14:16 . 2009-10-02 21:25 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 15:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 15:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 15:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 15:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 09:15 . 2010-01-22 20:43 680 ----a-w- c:\users\Craig\AppData\Local\d3d9caps.dat
2009-08-10 11:39 . 2009-04-11 19:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-29 133104]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-27 1238352]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-23 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 134144]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-04-10 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-27 483428]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-13 115560]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1094944]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1d,1a,15,df,c2,24,ca,01

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-05-13 23888]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 XDva326;XDva326;c:\windows\system32\XDva326.sys [x]
R4 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-04-03 45056]
R4 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-04-03 48640]
R4 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-04-03 38400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [2009-04-27 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-04-09 447264]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-04-10 77824]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-11-13 46824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-10 29736]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2009-04-16 32808]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-02-23 224384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-30 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-30 280096]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 02:13]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 02:13]

2010-05-02 c:\windows\Tasks\Norton Security Scan for Craig.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\3chcccup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://welcometointernet.org/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Craig\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Craig\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\3chcccup.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Craig\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 09:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-03 09:18:27
ComboFix-quarantined-files.txt 2010-05-03 13:18
ComboFix2.txt 2010-05-03 12:02

Pre-Run: 131,257,540,608 bytes free
Post-Run: 131,225,612,288 bytes free

- - End Of File - - 95048D80A27A004F48BC46B9C98C6EE6
Upload was successful

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:56 AM, on 5/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 14374 bytes

ken545
2010-05-03, 16:38
Hi Alex,

How are things running now ?

alex123
2010-05-03, 16:41
I am running a full scan on Malwarebytes and it is picking up 40+ infected files.

Things are running remarkably better already though, thank you.

ken545
2010-05-03, 16:45
Let me see the Malwarebytes report please; they may just be backups of what Combofix removed.

alex123
2010-05-03, 21:02
Actually, they were all files that Symantec quarantined, even though I turned Symantec off. Anyway,

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/3/2010 2:00:47 PM
mbam-log-2010-05-03 (14-00-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 278763
Time elapsed: 4 hour(s), 34 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ5213.tmp (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ16E5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ26EE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ297.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ2E6E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ30F8.tmp (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ340A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ35C9.tmp (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ39C5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ3F2D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ4871.tmp (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6C1E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ78CD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8194.tmp (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ891.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8BB3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9AF2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQA964.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQB373.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQBFC3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQC917.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQD059.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQD75C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQDD65.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQE256.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQE91A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQEE2A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQF720.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQFB3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQFD78.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ProgramData\gifumuya\gifumuya.exe.vir (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ProgramData\mukesiwu\mukesiwu.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.

ken545
2010-05-03, 22:16
Yep, mostly Symantec; the files in Qoobox are what Combofix removed. We will get rid of all that in a bit.

What I would do now is run a free online virus scanner to check for leftovers.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
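
An added example, not code from this thread or from Malwarebytes, that does the sorting ken545 describes above: it pulls the "Files Infected" section out of an mbam log in the format posted earlier and tallies each hit by whether it sits in a known quarantine folder (Symantec's SRTSP quarantine, Combofix's Qoobox) or on a live file that still needs a look. The sample log embedded below is constructed from the posted lines plus one made-up live path; the folder markers and labels are my assumptions, not Malwarebytes' own categories.

```python
"""Tally a Malwarebytes "Files Infected" section by where each hit lives.

Added example, not from the thread: hits inside known quarantine folders are
usually another tool's backups, while hits on live files deserve attention.
"""
import re
from collections import Counter

# Constructed sample in the mbam log layout shown in the thread. The first five
# hit lines are copied from the posted log; the last path is made up.
SAMPLE_LOG = r"""
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ5213.tmp (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ16E5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8194.tmp (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ProgramData\gifumuya\gifumuya.exe.vir (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ProgramData\mukesiwu\mukesiwu.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\Temp\constructed-sample.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

# One hit line: "<path> (<detection name>) -> <action taken>"
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Assumed quarantine folder fragments (lower-cased), matched anywhere in the path.
QUARANTINE_FOLDERS = {
    "symantec-quarantine": "\\programdata\\symantec\\srtsp\\quarantine\\",
    "combofix-quarantine": "\\qoobox\\quarantine\\",
}


def parse_files_infected(log_text):
    """Return the hits listed under the "Files Infected:" section header.

    The summary block also contains "Files Infected: N"; only the bare header
    (no count) opens the section, and the first blank line closes it.
    """
    hits = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            break
        match = HIT_RE.match(line)
        if match:
            hits.append(match.groupdict())
    return hits


def classify_location(path):
    """Label a path as a known quarantine folder or a live file."""
    lowered = path.lower()
    for label, folder in QUARANTINE_FOLDERS.items():
        if folder in lowered:
            return label
    return "live-file"


def summarize(log_text):
    """Count hits by location label and by detection name."""
    hits = parse_files_infected(log_text)
    by_location = Counter(classify_location(h["path"]) for h in hits)
    by_detection = Counter(h["detection"] for h in hits)
    return {
        "total": len(hits),
        "by_location": dict(by_location),
        "by_detection": dict(by_detection),
    }


def live_hits(log_text):
    """Paths that were not inside any known quarantine folder."""
    return [
        h["path"]
        for h in parse_files_infected(log_text)
        if classify_location(h["path"]) == "live-file"
    ]


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} hits")
    for label, count in sorted(report["by_location"].items()):
        print(f"  {label}: {count}")
    for path in live_hits(SAMPLE_LOG):
        print("  needs a look:", path)
```

Run it against a real mbam-log-*.txt by reading the file into `summarize()`; anything reported under live-file is what a helper would want to see, while the quarantine counts can usually be cleared along with the quarantine folders themselves.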

alex123
2010-05-05, 12:07
My computer has started running slower than it used to, but there are still no more visible effects of the adware. Also, ESET didn't save a log, so I copied the files it found and deleted successfully.

C:\Users\Craig\AppData\Roaming\Microsoft\Internet Explorer\ccsm.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Users\Craig\AppData\Roaming\scdata\dbsinit.exe Win32/Adware.WinAntiVirus application deleted - quarantined
C:\Users\Craig\AppData\Roaming\scdata\wispex.html Win32/Adware.WinAntiVirus application cleaned by deleting - quarantined

ken545
2010-05-05, 14:11
Let's take a final look, and if nothing bad shows up I will link you to a Windows support forum for slow computers; you may have a couple of programs bumping heads :confused:

Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open the RootRepeal icon on your desktop.
Click the Report tab.
Click the Scan button.
Check just these boxes:
(image of the checkbox list: http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif)
Push Ok
Check the box for your main system drive (usually C:) and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

alex123
2010-05-05, 18:17
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/05 11:12
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x97CAC000 Size: 897024 File Visible: No Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0x97C6B000 Size: 118784 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB0281000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\Windows\system32\Drivers\SYMEVENT.SYS
Address: 0x91B47000 Size: 151552 File Visible: No Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: C:\Windows\System32\Drivers\SYMREDRV.SYS
Address: 0xB12FC000 Size: 20992 File Visible: No Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: C:\Windows\System32\Drivers\SYMTDI.SYS
Address: 0x97402000 Size: 184832 File Visible: No Signed: -
Status: -

Name: vpnobrbm.sys
Image Path: C:\Windows\System32\drivers\vpnobrbm.sys
Address: 0x805BA000 Size: 54016 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1336 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89600878

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89600958

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x895d60c8

#: 054 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x895b6320

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x896005c8

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x895fcdb0

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x89600eb0

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x896006b8

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89600798

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x89600db0

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x896004e8

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x897131e0

#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x89716008

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x876a3818

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89716368

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89600208

#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x89716278

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89712fd0

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x897160b8

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x895ffe10

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89716198

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x896002f8

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89600f80

==EOF==

Logfile of random's system information tool 1.06 (written by random/random)
Run by Craig at 2010-05-05 11:14:01
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 134 GB (57%) free of 236 GB
Total RAM: 3571 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:17 AM, on 5/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Craig\Downloads\RSIT.exe
C:\Program Files\trend micro\Craig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.8)_Gecko/20100202_Firefox/3.5.8_(.NET_CLR_3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 12981 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-655683987-928240968-4200487773-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-02-23 200704]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]
"ChangeTPMAuth"=C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2009-02-26 184320]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008-12-22 134144]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2009-04-22 656696]
"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2009-04-22 95544]
"DellControlPoint"=C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-03-19 667648]
"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2009-04-22 15360]
"DellConnectionManager"=C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-04-10 1810432]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-10-17 442536]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-04-24 250192]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-04-27 483428]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-06 149280]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"ZSSnp211"=C:\Windows\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\Windows\Domino.exe [2006-08-18 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim"=C:\Program Files\AIM\aim.exe [2009-12-01 3951976]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-21 468408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2010-05-05 11:14:01 ----D---- C:\rsit
2010-05-05 11:12:29 ----A---- C:\RootRepeal report 05-05-10 (11-12-29).txt
2010-05-04 14:43:14 ----D---- C:\Program Files\CCleaner
2010-05-04 06:42:50 ----D---- C:\Program Files\ESET
2010-05-03 09:19:35 ----SHD---- C:\$RECYCLE.BIN
2010-05-03 09:18:28 ----A---- C:\ComboFix.txt
2010-05-03 08:45:07 ----A---- C:\Windows\SWXCACLS.exe
2010-05-03 07:41:02 ----A---- C:\Windows\NIRCMD.exe
2010-05-03 07:41:02 ----A---- C:\Windows\MBR.exe
2010-05-03 07:41:01 ----A---- C:\Windows\zip.exe
2010-05-03 07:41:01 ----A---- C:\Windows\SWREG.exe
2010-05-03 07:41:01 ----A---- C:\Windows\sed.exe
2010-05-03 07:41:01 ----A---- C:\Windows\PEV.exe
2010-05-03 07:41:01 ----A---- C:\Windows\grep.exe
2010-05-03 07:41:00 ----A---- C:\Windows\SWSC.exe
2010-05-03 07:32:34 ----D---- C:\Program Files\Trend Micro
2010-05-03 06:46:45 ----D---- C:\ProgramData\Office Genuine Advantage
2010-05-03 06:05:45 ----D---- C:\Users\Craig\AppData\Roaming\Malwarebytes
2010-05-03 06:05:09 ----D---- C:\ProgramData\Malwarebytes
2010-05-03 06:05:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-29 06:06:57 ----D---- C:\Windows\ERDNT
2010-04-29 05:24:46 ----D---- C:\Users\Craig\AppData\Roaming\scdata
2010-04-26 05:57:02 ----D---- C:\Program Files\Hewlett-Packard
2010-04-26 05:51:57 ----A---- C:\Windows\system32\hppldcoi.dll
2010-04-26 05:51:57 ----A---- C:\Windows\system32\hposwia_p01a.dll
2010-04-26 05:51:56 ----A---- C:\Windows\system32\hposc_p01a.dll
2010-04-25 21:53:54 ----A---- C:\Windows\system32\hpz3l696.dll
2010-04-25 21:51:37 ----D---- C:\Config.Msi
2010-04-25 21:50:25 ----A---- C:\Windows\system32\hpzids01.dll
2010-04-25 21:50:24 ----A---- C:\Windows\system32\hpost_p01a.dll
2010-04-19 04:38:16 ----D---- C:\Windows\Sun
2010-04-19 00:52:09 ----D---- C:\Program Files\kSolo
2010-04-14 12:46:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 12:46:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 12:46:13 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 12:45:50 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:43:38 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:42:55 ----A---- C:\Windows\system32\cabview.dll
2010-03-31 11:44:31 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 11:44:29 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 11:44:27 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 11:44:27 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 11:44:26 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 11:44:26 ----A---- C:\Windows\system32\occache.dll
2010-03-31 11:44:26 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 11:44:26 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 11:44:25 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 11:44:25 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 11:44:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 11:44:24 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 11:44:24 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 11:44:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 11:44:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 11:44:23 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 11:44:23 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 11:44:23 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 11:44:23 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-14 05:19:02 ----D---- C:\ProgramData\AirportMania
2010-03-14 05:18:11 ----D---- C:\Program Files\ReflexiveArcade
2010-03-13 21:46:45 ----D---- C:\ProgramData\McAfee
2010-03-08 23:51:32 ----D---- C:\Users\Craig\AppData\Roaming\HP
2010-03-08 23:51:32 ----D---- C:\ProgramData\WEBREG
2010-03-08 23:41:53 ----D---- C:\Program Files\Common Files\HP
2010-03-08 23:37:52 ----D---- C:\ProgramData\HP Product Assistant
2010-03-08 23:30:59 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-03-08 23:26:13 ----A---- C:\Windows\system32\hpfll70v.dll
2010-03-08 23:21:48 ----D---- C:\Program Files\HP
2010-03-08 23:16:54 ----D---- C:\ProgramData\HP
2010-03-07 00:06:27 ----AD---- C:\ProgramData\TEMP
2010-03-07 00:05:26 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-05 00:17:27 ----D---- C:\Users\Craig\AppData\Roaming\FOG Downloader
2010-02-23 14:25:24 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 14:24:47 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 14:24:03 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 14:24:03 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 14:24:02 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 14:24:02 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 14:24:02 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 14:24:02 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 14:24:02 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 14:24:02 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 14:24:02 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 14:23:58 ----A---- C:\Windows\system32\gameux.dll
2010-02-23 14:23:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 14:23:56 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-10 05:24:18 ----D---- C:\found.000
2010-02-10 00:54:51 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 00:54:51 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 00:54:51 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 00:54:51 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 00:54:50 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 00:54:50 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 00:54:50 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 00:54:50 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 00:54:50 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 3 months======

2010-05-05 11:14:04 ----D---- C:\Windows\Temp
2010-05-05 11:12:07 ----D---- C:\Windows\system32\drivers
2010-05-05 11:12:07 ----D---- C:\Program Files\Mozilla Firefox
2010-05-05 11:10:55 ----D---- C:\Program Files\Common Files\Akamai
2010-05-04 22:17:38 ----SHD---- C:\System Volume Information
2010-05-04 15:01:17 ----SHD---- C:\Windows\Installer
2010-05-04 15:01:09 ----D---- C:\ProgramData
2010-05-04 15:01:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-04 15:01:09 ----D---- C:\Program Files
2010-05-04 15:00:53 ----D---- C:\ProgramData\Symantec
2010-05-04 14:59:42 ----D---- C:\Windows\System32
2010-05-04 14:59:39 ----D---- C:\Windows\system32\catroot
2010-05-04 14:54:00 ----D---- C:\Program Files\NortonInstaller
2010-05-04 14:53:57 ----D---- C:\ProgramData\Norton
2010-05-04 14:53:57 ----D---- C:\Program Files\Norton Security Scan
2010-05-04 14:53:54 ----D---- C:\Windows\Tasks
2010-05-04 14:50:15 ----D---- C:\Windows\inf
2010-05-04 14:50:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-04 14:46:35 ----D---- C:\Windows\Minidump
2010-05-04 14:46:35 ----D---- C:\Windows\Debug
2010-05-04 14:46:35 ----D---- C:\Windows
2010-05-04 08:29:47 ----D---- C:\Program Files\Common Files\Steam
2010-05-04 08:29:01 ----D---- C:\Program Files\Steam
2010-05-04 08:25:01 ----D---- C:\Windows\Logs
2010-05-04 06:42:53 ----SD---- C:\Windows\Downloaded Program Files
2010-05-03 23:49:19 ----D---- C:\Windows\Prefetch
2010-05-03 09:12:01 ----A---- C:\Windows\system.ini
2010-05-03 09:03:27 ----D---- C:\Windows\AppPatch
2010-05-03 09:03:24 ----D---- C:\Program Files\Common Files
2010-05-03 06:42:25 ----D---- C:\Windows\system32\zh-TW
2010-05-03 06:42:25 ----D---- C:\Windows\system32\zh-HK
2010-05-03 06:42:25 ----D---- C:\Windows\system32\tr-TR
2010-05-03 06:42:25 ----D---- C:\Windows\system32\sv-SE
2010-05-03 06:42:25 ----D---- C:\Windows\system32\pt-BR
2010-05-03 06:42:25 ----D---- C:\Windows\system32\nl-NL
2010-05-03 06:42:25 ----D---- C:\Windows\system32\nb-NO
2010-05-03 06:42:25 ----D---- C:\Windows\system32\ko-KR
2010-05-03 06:42:25 ----D---- C:\Windows\system32\it-IT
2010-05-03 06:42:25 ----D---- C:\Windows\system32\he-IL
2010-05-03 06:42:25 ----D---- C:\Windows\system32\fr-FR
2010-05-03 06:42:24 ----D---- C:\Windows\system32\fi-FI
2010-05-03 06:42:24 ----D---- C:\Windows\system32\es-ES
2010-05-03 06:42:24 ----D---- C:\Windows\system32\en-US
2010-05-03 06:42:24 ----D---- C:\Windows\system32\el-GR
2010-05-03 06:42:24 ----D---- C:\Windows\system32\de-DE
2010-05-03 06:42:24 ----D---- C:\Windows\system32\da-DK
2010-05-03 06:42:24 ----D---- C:\Windows\system32\ar-SA
2010-04-29 14:24:05 ----SD---- C:\Users\Craig\AppData\Roaming\Microsoft
2010-04-29 05:18:16 ----D---- C:\Windows\system32\catroot2
2010-04-29 04:27:25 ----RSD---- C:\Windows\Fonts
2010-04-29 04:01:40 ----D---- C:\Windows\winsxs
2010-04-26 06:06:24 ----A---- C:\Windows\win.ini
2010-04-26 05:59:53 ----D---- C:\Windows\twain_32
2010-04-21 00:19:30 ----D---- C:\Users\Craig\AppData\Roaming\Mozilla
2010-04-14 17:30:03 ----D---- C:\Program Files\Windows Mail
2010-04-14 17:21:06 ----D---- C:\ProgramData\Microsoft Help
2010-04-12 04:38:21 ----D---- C:\Windows\system32\wbem
2010-04-12 04:37:45 ----D---- C:\Windows\system32\config
2010-04-12 04:37:39 ----D---- C:\Windows\system32\spool
2010-04-12 04:37:39 ----D---- C:\Windows\system32\Msdtc
2010-04-12 04:37:39 ----D---- C:\Program Files\Internet Explorer
2010-04-12 04:37:38 ----D---- C:\Windows\registration
2010-04-12 04:07:12 ----SD---- C:\ProgramData\Microsoft
2010-04-12 03:35:45 ----RD---- C:\Users
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-01 05:41:50 ----D---- C:\Windows\system32\migration
2010-03-11 23:14:30 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-03-11 05:14:44 ----D---- C:\Program Files\Movie Maker
2010-03-02 05:41:40 ----D---- C:\Windows\system32\Tasks
2010-03-02 05:40:14 ----D---- C:\Windows\system32\Macromed
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 05:23:40 ----D---- C:\Windows\rescache
2010-02-08 02:39:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-08 02:39:47 ----D---- C:\Program Files\Ubisoft
2010-02-08 02:35:48 ----D---- C:\Program Files\Trillian
2010-02-08 02:35:35 ----D---- C:\Users\Craig\AppData\Roaming\Trillian
2010-02-08 02:35:09 ----D---- C:\Program Files\Might and Magic VI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-04-03 48128]
R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2009-04-22 205624]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-02-23 170032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-12-10 84008]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-12-10 109096]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-12-10 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-12-10 18344]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 cvusbdrv;Broadcom USH CV; C:\Windows\System32\Drivers\cvusbdrv.sys [2009-04-15 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2009-02-23 224384]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2009-03-30 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2009-03-30 280096]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-04-27 398848]
R3 USBCCID;USB Smart Card reader; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-10 30208]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R4 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS []
R4 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
R4 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 catchme;catchme; \??\C:\Users\Craig\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2008-02-20 30816]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\NvtSp50.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 XDva326;XDva326; \??\C:\Windows\system32\XDva326.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\heci.sys [2009-04-28 40832]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 rimspci;rimspci; C:\Windows\system32\drivers\rimspe86.sys [2009-04-03 45056]
S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2009-04-03 45056]
S4 risdpcie;risdpcie; C:\Windows\system32\drivers\risdpe86.sys [2009-04-03 48640]
S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2009-04-03 38400]
S4 rixdpcie;rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [2009-04-03 38400]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [2009-04-27 81920]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 alssvc;Ambient Light Sensor; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-11-17 555560]
R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-04-09 447264]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-02 860160]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-23 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-23 189248]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-02 466944]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-04-10 77824]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe [2009-04-27 254042]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-04-22 1703936]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]
S2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-11-13 46824]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-02 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-12-12 638976]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-03 390952]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

-----------------EOF-----------------

ken545
2010-05-06, 00:48
Hi,

Go ahead and fix these with HJT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: ::1 localhost

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been analyzed before, have it analyzed again

c:\windows\system32\drivers\pgsbvj.sys

If the site is busy you can try this one

http://virusscan.jotti.org/en
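
The driver and service lists in the RSIT log above are what the helper is reading by eye: entries whose image file RSIT could not stat (the empty `[]` at the end of the line), drivers loading from a user profile or Temp directory, and drivers registered with an NT `\??\` object path. The script below is an added example, not part of the thread, of RSIT, or of ken545's advice; it parses lines in the exact `Rn`/`Sn name;display; path [date size]` shape RSIT printed and attaches those flags. A flag is a "check this next" marker (confirm the file exists with hidden files shown, hash it, look the hash up on VirusTotal), not a verdict: ComboFix's own `catchme.sys` and Symantec's `SYMEVENT.SYS` trip the same heuristics here. The sample lines are copied from the log posted above; the marker list and flag names are this example's own assumptions.

```python
"""Parse RSIT driver/service lines and flag entries worth a closer look.

Added example: not part of the original thread or of RSIT itself.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One RSIT driver/service line, as printed in the log above, e.g.
#   R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
#   S3 catchme;catchme; \??\C:\Users\Craig\AppData\Local\Temp\catchme.sys []
# state: R running / S stopped; start: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Path fragments that are unusual for a vendor driver/service binary
# (user-writable locations). Assumption: a triage heuristic, not an RSIT rule.
PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when RSIT printed an empty "[]"
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage_flags(e: "Entry") -> List[str]:
    """Heuristic flags; a flag means 'verify this', not 'malicious'."""
    flags = []
    lower = e.path.lower()
    if e.file_size is None:
        # Empty "[]": RSIT could not stat the file. Either it is gone
        # (stale service key) or something is hiding it. Check it on disk.
        flags.append("no-file-metadata")
    if any(marker in lower for marker in PROFILE_MARKERS):
        # Kernel drivers loaded from a user profile or Temp are rare outside
        # of scan tools (ComboFix's catchme.sys does exactly this).
        flags.append("user-profile-path")
    if e.path.startswith("\\??\\"):
        # NT object-namespace path rather than a plain Win32 path.
        flags.append("nt-object-path")
    if e.state == "R" and e.file_size is None:
        # Running, but its image file could not be read: look at this first.
        flags.append("running-unverifiable")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    file_date, file_size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    entry = Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_date=file_date,
        file_size=file_size,
    )
    entry.flags = triage_flags(entry)
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every driver/service line in an RSIT log and return the flagged ones."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


# Sample input: lines copied verbatim from the RSIT log posted above.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R4 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS []
S3 catchme;catchme; \??\C:\Users\Craig\AppData\Local\Temp\catchme.sys []
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2008-02-20 30816]
S3 XDva326;XDva326; \??\C:\Windows\system32\XDva326.sys []
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<10} {', '.join(e.flags):<50} {e.path}")
```

Run it against a saved `log.txt` by passing the file contents to `triage()`; on the sample above it reports SymEvent, catchme, NAL and XDva326 and stays silent on ElbyCDIO and the Akamai svchost entry. Anything it flags is a candidate for the VirusTotal step the helper describes, and a running driver with no readable image file is the one to submit first.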

ken545
2010-05-13, 14:06
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.