Win32/Olmarik.AJL Trojan



LefkyTheShin
2010-12-18, 18:08
12/18/10

I recently ran an ESET NOD32 Antivirus 4.2.35.0 scan and found a Win32/Olmarik.AJL trojan on my system. I've made several attempts to get rid of it using Spyware Doctor, ESET, and Malwarebytes' Anti-Malware, but nothing has helped. Any help would be appreciated.

I've posted the DDS log and attached the Attach.txt zip.

Here's the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 11:44:37.34 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2278 [GMT -5:00]

AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\launch.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Amazon.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: Amazon.com Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon toolbar\AlxTB2.1.0.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iLike] c:\program files\ilike\1.2.17\ilikesidebar.exe /checkforupdate
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Ant.com Toolbar 1.6; GTB6.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Amazon Toolbar)" -"http://www.cartoonnetwork.com/games/knd/trickortreatbeat/index.html"
mRun: [<NO NAME>]
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859}
IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.shockwave.com/content/ricochetlostworlds/ReflexiveWebGameLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-034966e2548e2b0c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\applications\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = cecli scecli

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-15 32008]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-11 12672]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-6-15 6416120]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 810120]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-15 76696]
R2 usbdevice;usbdevice;c:\windows\system32\launch.exe [2010-4-24 10240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-15 26096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-3 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-9-3 13184]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-12-18 01:17:20 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17:18 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16:12 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15:56 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15:41 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15:18 -------- d-----w- c:\program files\common files\PC Tools
2010-12-18 01:15:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-18 00:28:32 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert
2010-12-17 15:56:22 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b5a67cb3-fa5a-446d-b9f8-81e0eb884c9f}\mpengine.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-14 23:10:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42:57 -------- d-----w- c:\docume~1\eric\applic~1\gogii
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 03:43:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fugazo
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-10 03:58:39 13146 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-12-07 17:15:50 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02:17 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16:52 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 11:46:40.32 ===============


Thank you,
LTS
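To show how the DDS output posted above is structured, here is a small parser for it, written for this thread as an added example (it is not from the original post and not part of the DDS tool): it splits the log into the Running Processes, Pseudo HJT Report and SERVICES / DRIVERS sections and runs two triage queries an analyst would otherwise do by hand. The embedded SAMPLE_LOG is a constructed excerpt in the same layout; its vendor names and paths, and the exe_of/parse_dds helpers, are this example's own.

```python
"""Parser for the DDS log layout posted in this thread, plus two triage queries.
Added example, not code from the original post and not part of DDS itself; SAMPLE_LOG
is a constructed excerpt in the thread's log layout with made-up vendor names/paths."""
import re
from datetime import date, timedelta
from pathlib import PureWindowsPath

# "Run by Eric at 11:44:37.34 on Sat 12/18/2010" -> the date the log was taken
HEADER_RE = re.compile(r"^Run by .+ on \w+ (?P<m>\d{1,2})/(?P<d>\d{1,2})/(?P<y>\d{4})$")
# Section banners such as "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
# "mRun: [igfxtray] c:\windows\system32\igfxtray.exe"
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
# First .exe token of a command line; DDS prints paths with spaces unquoted
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Constructed sample in the layout of the thread's log (names/paths made up)
SAMPLE_LOG = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 11:44:37.34 on Sat 12/18/2010

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Example Vendor\Updater\updsched.exe
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [Example Updater] "c:\program files\example vendor\updater\updsched.exe" -boot
mRun: [helper] c:\windows\system32\sample\helper~1.EXE
============= SERVICES / DRIVERS ===============
R0 exdrv;Example Core;c:\windows\system32\drivers\exdrv.sys [2010-12-17 218592]
R2 exsvc;Example Service;c:\program files\example vendor\exsvc.exe [2008-7-1 810120]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-3 16512]
============= FINISH: 11:46:40.32 ===============
"""


def exe_of(cmd):
    """Executable path at the head of a command line, or None if there is none."""
    m = EXE_RE.match(cmd)
    if m:
        return m["exe"]
    # DDS also lists e.g. "C:\WINDOWS\system32\svchost -k DcomLaunch" without .exe
    head = cmd.split(" -", 1)[0].strip()
    return head or None


def basename(path):
    return PureWindowsPath(path).name.lower()


def parse_dds(text):
    """Split a DDS log into the log date and the three sections used below."""
    parsed = {"log_date": None, "processes": [], "autoruns": [], "services": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner["name"].lower()
            continue
        if section is None and (m := HEADER_RE.match(line)):
            parsed["log_date"] = date(int(m["y"]), int(m["m"]), int(m["d"]))
        elif section == "running processes":
            parsed["processes"].append(line)
        elif section == "pseudo hjt report" and (m := RUN_RE.match(line)):
            # BHO/TB/DPF lines in this section are not parsed by this example
            parsed["autoruns"].append({"key": m["key"], "name": m["name"],
                                       "cmd": m["cmd"], "exe": exe_of(m["cmd"])})
        elif section == "services / drivers" and (m := SERVICE_RE.match(line)):
            y, mo, d = (int(p) for p in m["date"].split("-"))
            parsed["services"].append({"state": m["state"], "name": m["name"],
                                       "path": m["path"], "date": date(y, mo, d)})
    return parsed


def autoruns_not_running(parsed):
    """Autorun entries whose executable name is not among the running processes.
    Many legitimate autoruns exit after launch, so this is a triage list, not a verdict."""
    running = {basename(exe_of(p)) for p in parsed["processes"]}
    return [a for a in parsed["autoruns"] if a["exe"] and basename(a["exe"]) not in running]


def recent_services(parsed, days=7):
    """Services/drivers whose file date falls within `days` before the log date."""
    if parsed["log_date"] is None:
        return []
    cutoff = parsed["log_date"] - timedelta(days=days)
    return [s for s in parsed["services"] if s["date"] >= cutoff]


if __name__ == "__main__":
    p = parse_dds(SAMPLE_LOG)
    for a in autoruns_not_running(p):
        print(f"{a['key']} [{a['name']}] -> {a['exe']}")
    for s in recent_services(p):
        print(f"{s['state']} {s['name']} {s['path']} {s['date']}")
```

A hit in autoruns_not_running only says the binary was not in the process list when DDS ran; the path and vendor of each hit still need checking by hand.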

km2357
2010-12-21, 20:12
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please do the following:


Step # 1: Download and run DDS

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.infospyware.net/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.com).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

LefkyTheShin
2010-12-22, 16:35
Thanks for your assistance.

The DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 18:55:57.32 on Tue 12/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2443 [GMT -5:00]

AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\launch.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Amazon.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: Amazon.com Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon toolbar\AlxTB2.1.0.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iLike] c:\program files\ilike\1.2.17\ilikesidebar.exe /checkforupdate
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Ant.com Toolbar 1.6; GTB6.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Amazon Toolbar)" -"http://www.cartoonnetwork.com/games/knd/trickortreatbeat/index.html"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "d:\applications\quick time pro\QTTask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF3 Registry Controller] "d:\applications\pdf to word converter 3\\RegistryController.exe"
mRun: [ScanSoft PDF Converter 3.0-reminder] "d:\applications\pdf to word converter 3\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\pdf converter\3\ereg\ereg.ini"
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\pdf to word converter 3\IEShellExt.dll /100
IE: {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859}
IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.shockwave.com/content/ricochetlostworlds/ReflexiveWebGameLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-034966e2548e2b0c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\applications\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = cecli scecli

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-15 32008]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-11 12672]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-6-15 6416120]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 810120]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-15 76696]
R2 usbdevice;usbdevice;c:\windows\system32\launch.exe [2010-4-24 10240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-15 26096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-3 16512]
=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-12-21 07:03:24 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{0dc515c8-43bc-4047-a32e-41b5f390e292}\mpengine.dll
2010-12-21 02:15:31 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31:00 -------- d-----w- C:\SDFix
2010-12-19 21:08:37 -------- d-----w- c:\program files\common files\ScanSoft Shared
2010-12-19 21:08:36 -------- d-----w- c:\program files\ScanSoft
2010-12-19 20:36:50 -------- d-----w- c:\docume~1\eric\applic~1\PriceGong
2010-12-18 01:17:20 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17:18 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16:12 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15:56 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15:41 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15:18 -------- d-----w- c:\program files\common files\PC Tools
2010-12-18 01:15:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-18 00:28:32 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-14 23:10:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42:57 -------- d-----w- c:\docume~1\eric\applic~1\gogii
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 03:43:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fugazo

==================== Find3M ====================

2010-12-18 22:51:54 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-10 03:58:39 13146 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02:17 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16:52 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 18:59:20.18 ===============
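
A note on reading the GMER output that follows in the next post (added here as an editorial example; the script is not part of the thread and was not written by the poster or by the GMER authors). GMER prints each SSDT entry with the hooking driver and, where it can resolve them, the driver's description and vendor in parentheses: in the log below the Prevx (pxrts.sys), PC Tools (PCTCore.sys) and ESET (ehdrv.sys) entries are annotated, while the sptd.sys entries are not. The "Kernel code sections" part lists byte ranges that differ from the on-disk image (here inside ntoskrnl.exe and KDCOM.DLL, some of them JMPs into other modules) and, prefixed with "?", files GMER could not read. Grouping those lines by vendor and by patched image is the first triage step a responder takes before deciding what still needs a manual look. The sample input is a handful of lines copied from the log in this thread; the two-regex parser and the summary layout are my own and assume the line shapes seen in this log version (GMER 1.0.15).

```python
import re
from collections import Counter

# Lines copied from the GMER log posted in this thread (the "System" and
# "Kernel code sections" parts), trimmed to a handful for the example.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xB1226F60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7A42112]
SSDT sptd.sys ZwEnumerateKey [0xF750584C]
SSDT sptd.sys ZwQueryValueKey [0xF7505CC4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB16A0790]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 5 Bytes [10, 05, 6A, B1, 90]
.text KDCOM.DLL!KdSendPacket + FFFFF193 F7897345 21 Bytes [24, F9, FF, 8B, 48, 48, 89, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 15 F7897F61 56 Bytes JMP F78114C5 \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9C448AC 5 Bytes JMP 8ACEB960
? System32\Drivers\ait017xd.SYS The system cannot find the path specified. !
"""

# SSDT <module> [(<description>/<vendor>)] <Zw function> [<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# <section> <image>!<symbol> [+ <offset>] <address> <n> Bytes <patched bytes or JMP target>
CODE_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<image>[^!\s]+)!(?P<symbol>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# ? <path> <error text>   (GMER could not read the file on disk)
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<message>.*)$")


def parse_gmer(text):
    """Turn the System / Kernel code sections of a GMER log into records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue                      # blank lines and section banners
        m = SSDT_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"] = "ssdt"
            d["module"] = d["module"].rsplit("\\", 1)[-1]   # keep the basename only
            records.append(d)
            continue
        m = UNREADABLE_RE.match(line)     # checked before CODE_RE: "?" lines may contain "!"
        if m:
            records.append(dict(m.groupdict(), kind="unreadable"))
            continue
        m = CODE_RE.match(line)
        if m:
            records.append(dict(m.groupdict(), kind="code"))
    return records


def triage(records):
    """Group hooks by vendor and surface what needs a human look."""
    ssdt_by_vendor = Counter()
    unattributed = []                     # SSDT hooks GMER printed without a vendor
    patched_images = Counter()            # modified byte ranges per kernel image
    detours = []                          # inline patches that JMP somewhere else
    unreadable = []
    for r in records:
        if r["kind"] == "ssdt":
            ssdt_by_vendor[r["vendor"] or "(none)"] += 1
            if r["vendor"] is None:
                unattributed.append((r["module"], r["func"]))
        elif r["kind"] == "code":
            patched_images[r["image"]] += 1
            if r["detail"].startswith("JMP"):
                detours.append((r["image"], r["symbol"], r["detail"]))
        else:
            unreadable.append((r["path"], r["message"]))
    return {
        "ssdt_by_vendor": dict(ssdt_by_vendor),
        "unattributed_ssdt": unattributed,
        "patched_images": dict(patched_images),
        "detours": detours,
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Two caveats when using this on a full log. The vendor string is only what GMER printed for the hooking driver; it confirms that the hook belongs to a product that is installed, not that the product is healthy, and an entry with no vendor is a lead rather than a verdict (sptd.sys, for instance, is the SCSI Pass Through Direct driver that ships with disc-emulation software and routinely hooks registry calls). The modified ranges inside KDCOM.DLL and the unreadable drivers are the items from this log that deserve the closest look, because neither is explained by any of the security products listed in the DDS services section above.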

LefkyTheShin
2010-12-22, 16:38
Here's the gmer.txt log file:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-22 10:26:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 IC35L090AVV207-0 rev.V23OA66A
Running: gmer.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\fxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xB1226F60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xB1226AF0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7A42112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7A212D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7A214C8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xB1226B40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xB1226F10]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xB1226810]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xB12268D0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xB1227180]
SSDT sptd.sys ZwEnumerateKey [0xF750584C]
SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7A40E12]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xB1227490]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xB1226CD0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xB1227320]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xB1226BE0]
SSDT sptd.sys ZwQueryKey [0xF7505CC4]
SSDT sptd.sys ZwQueryValueKey [0xF7505B44]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB16A0790]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7A43020]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xB1226AA0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB16A0650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB16A07D0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xB12269B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB16A0510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB16A0590]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xB1226E80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xB1227630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xB1226C80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xB1227000]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 5 Bytes [10, 05, 6A, B1, 90]
.text ntoskrnl.exe!_abnormal_termination + 446 804E2AB2 6 Bytes [6A, B1, 80, 6E, 22, B1] {PUSH -0x4f; SUB BYTE [ESI+0x22], 0xb1}
.text KDCOM.DLL!KdSendPacket + FFFFF193 F7897345 21 Bytes [24, F9, FF, 8B, 48, 48, 89, ...]
.text KDCOM.DLL!KdSendPacket + FFFFF1A9 F789735B 2 Bytes [10, 08] {ADC [EAX], CL}
.text KDCOM.DLL!KdSendPacket + FFFFF1AC F789735E 5 Bytes [53, E8, D7, B0, 03]
.text KDCOM.DLL!KdSendPacket + FFFFF1B2 F7897364 111 Bytes [84, C0, 74, 70, 8D, 45, 9C, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 2E F78973D4 71 Bytes [78, 2C, ED, FF, 53, 68, 9C, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 76 F789741C 15 Bytes [89, 01, 68, 80, AC, 48, 00, ...] {MOV [ECX], EAX; PUSH 0x48ac80; MOV [EAX+0x4], ECX; CALL 0xffffffffffee04c2}
.text KDCOM.DLL!KdRestore + 39 F7897499 10 Bytes [FF, 75, 0C, FF, 76, 1C, E8, ...]
.text KDCOM.DLL!KdRestore + 44 F78974A4 31 Bytes [85, C0, 59, 59, 0F, 85, 91, ...]
.text KDCOM.DLL!KdRestore + 64 F78974C4 269 Bytes [8B, 46, 3C, 83, C0, 04, 50, ...]
.text KDCOM.DLL!KdRestore + 172 F78975D2 59 Bytes [45, FC, 8B, 45, 24, 8D, 4D, ...]
.text KDCOM.DLL!KdRestore + 1AE F789760E 58 Bytes [45, 10, 0F, 8C, 69, B6, FB, ...]
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 11 F7897F5D 3 Bytes CALL F7782DAB
PAGEKD KDCOM.DLL!KdReceivePacket + 15 F7897F61 1 Byte [33]
PAGEKD KDCOM.DLL!KdReceivePacket + 15 F7897F61 56 Bytes JMP F78114C5 \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation)
PAGEKD KDCOM.DLL!KdReceivePacket + 4E F7897F9A 91 Bytes [18, 85, C0, 74, 10, 50, FF, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + AA F7897FF6 5 Bytes [EE, FF, B8, FF, FF]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 20 F78981D2 94 Bytes [0B, 3A, 41, 01, 75, 0F, 83, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 7F F7898231 59 Bytes [89, 45, F8, FF, 15, 00, 80, ...]
PAGEKD KDCOM.DLL!KdSendPacket + BB F789826D 11 Bytes [F3, A4, 8B, 4D, F8, 8B, 79, ...]
PAGEKD KDCOM.DLL!KdSendPacket + C7 F7898279 52 Bytes [33, C9, 03, FA, 66, 3B, 4B, ...]
PAGEKD KDCOM.DLL!KdSendPacket + FC F78982AE 41 Bytes [00, 8B, 87, A0, 00, 00, 00, ...]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9C448AC 5 Bytes JMP 8ACEB960
? System32\Drivers\ait017xd.SYS The system cannot find the path specified. !
? C:\DOCUME~1\Eric\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[204] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E5255 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E5286 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E5255 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E5286 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2080] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E5255 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E5286 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

LefkyTheShin
2010-12-22, 16:39
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E5255 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E5286 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3584] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01747B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 01747090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3584] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 01747800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [F789872F] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [F7898739] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [F78987DB] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [F78987F1] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [F78987B5] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [F78987CF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [F78987C1] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [F78987E7] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [F78987DB] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!WRITE_REGISTER_UCHAR] FFF924CB
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!READ_REGISTER_UCHAR] 90104B80
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!HalPrivateDispatchTable] 362EE853
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KeFindConfigurationEntry] 016AFFF9
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!InbvDisplayString] DFE836FF
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KdDebuggerNotPresent] E9FFF658
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!_strupr] FFF924F1
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!strstr] F924F4E9
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!MmMapIoSpace] 104B80FF
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!atol] 11E85390
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] FF016A88
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] E923EB30
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] FFF924B0
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 8948488B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 4C488B0E
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751452C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514580] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7513B9A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2BF1D8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 8B145980
Device \Driver\usbuhci \Device\USBPDO-0 8ADE3980
Device \Driver\usbuhci \Device\USBPDO-1 8ADE3980
Device \Driver\usbuhci \Device\USBPDO-2 8ADE3980
Device \Driver\usbuhci \Device\USBPDO-3 8ADE3980
Device \Driver\00000043 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 8AE86980

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2551D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2551D8
Device \Driver\Cdrom \Device\CdRom0 8ACE7980
Device \Driver\Cdrom \Device\CdRom1 8ACE7980
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2551D8
Device \Driver\Cdrom \Device\CdRom2 8ACE7980
Device \Driver\Cdrom \Device\CdRom3 8ACE7980
Device \Driver\Cdrom \Device\CdRom4 8ACE7980
Device \Driver\Cdrom \Device\CdRom5 8ACE7980
Device \Driver\usbuhci \Device\USBFDO-0 8ADE3980
Device \Driver\usbuhci \Device\USBFDO-1 8ADE3980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AEB8508
Device \Driver\usbuhci \Device\USBFDO-2 8ADE3980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AEB8508
Device \Driver\usbuhci \Device\USBFDO-3 8ADE3980
Device \Driver\usbehci \Device\USBFDO-4 8AE86980
Device \Driver\Ftdisk \Device\FtControl 8B2551D8
Device \Driver\ait017xd \Device\Scsi\ait017xd1Port2Path0Target0Lun0 8AE3E980
Device \Driver\ait017xd \Device\Scsi\ait017xd1Port2Path0Target2Lun0 8AE3E980
Device \Driver\ait017xd \Device\Scsi\ait017xd1 8AE3E980
Device \Driver\ait017xd \Device\Scsi\ait017xd1Port2Path0Target3Lun0 8AE3E980
Device \Driver\ait017xd \Device\Scsi\ait017xd1Port2Path0Target1Lun0 8AE3E980
Device \FileSystem\Fastfat \Fat 8B145980

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8B0AB980
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1539658636
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1367089
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0x23 0x29 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Applications\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBA 0x00 0xE1 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x22 0xAC 0x4F 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x22 0xAC 0x4F 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0x08 0x5A 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD6 0x08 0x5A 0xF5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\.mmz@ MMJB.MMZ
Reg HKLM\SOFTWARE\Classes\.mmz@Content Type application/x-mmjb-mmz
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl@ Support.com Configuration Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl\CLSID@ {01113300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl\CurVer@ SdcUser.TgConfCtl.2
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl.2@ Support.com Configuration Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl.2\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TgConfCtl.2\CLSID@ {01113300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer@ SupportSoft Browser Container
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CLSID@ {01011200-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CurVer@ SPRT.BrowserContainer.1
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1@ SupportSoft Browser Container
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1\CLSID@ {01011200-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler@ SupportSoft Elevation Handler Class
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler\CLSID@ {0111330a-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler\CurVer@ SPRT.ElevationHandler.1
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler.1@ SupportSoft Elevation Handler Class
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHandler.1\CLSID@ {0111330a-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper@ SupportSoft Elevation Helper Class
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper\CLSID@ {0111330c-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper\CurVer@ SPRT.ElevationHelper.1
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper.1@ SupportSoft Elevation Helper Class
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.ElevationHelper.1\CLSID@ {0111330c-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper@ SupportSoft User Helper Class
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper\CLSID@ {0111330b-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper\CurVer@ SPRT.UserHelper.1
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper.1@ SupportSoft User Helper Class
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.UserHelper.1\CLSID@ {0111330b-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5@ Facebook Photo Uploader 5 Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5\CLSID@ {0CCA191D-13A6-4E29-B746-314DEE697D83}
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5\CurVer
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5\CurVer@ TheFacebook.FacebookPhotoUploader5.5.1
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5.1@ Facebook Photo Uploader 5 Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5.1\CLSID@ {0CCA191D-13A6-4E29-B746-314DEE697D83}
Reg HKLM\SOFTWARE\Classes\TheFacebook.FacebookPhotoUploader5.5.1\Insertable
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5@ Facebook Photo Uploader 5 Combo Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5\CLSID@ {11C00D9C-F6B0-4470-A4EB-C9927DF57970}
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5\CurVer
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5\CurVer@ TheFacebook.ShellCombo.5.1
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5.1@ Facebook Photo Uploader 5 Combo Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.ShellCombo.5.1\CLSID@ {11C00D9C-F6B0-4470-A4EB-C9927DF57970}
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5@ Facebook Photo Uploader 5 Thumbnail Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5\CLSID@ {70A07902-4D50-4D4B-A5D2-914EFE80E94A}
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5\CurVer
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5\CurVer@ TheFacebook.Thumbnail.5.1
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5.1@ Facebook Photo Uploader 5 Thumbnail Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.Thumbnail.5.1\CLSID@ {70A07902-4D50-4D4B-A5D2-914EFE80E94A}
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5@ Facebook Photo Uploader 5 UploadPane Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5\CLSID@ {316DC664-0D6A-4505-A282-8C0248C27110}
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5\CurVer
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5\CurVer@ TheFacebook.UploadPane.5.1
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5.1@ Facebook Photo Uploader 5 UploadPane Control
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\TheFacebook.UploadPane.5.1\CLSID@ {316DC664-0D6A-4505-A282-8C0248C27110}

---- EOF - GMER 1.0.15 ----

km2357
2010-12-22, 20:16
Remove two of your Anti Virus programs.

You are operating your computer with multiple Anti Virus programs running in memory at once:

ESET NOD32 Antivirus 4.2

Prevx 2.0

Prevx 3.0

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove two of them.



IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


Step # 1: Add/Remove Programs

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

CouponBar

Reboot your Computer.


Step # 2 Download and Run CKScanner.exe

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Post the CKScanner log in your next post/reply.

LefkyTheShin
2010-12-23, 03:20
I removed Azureus and ESET, but was confused about having both Prevx 2.0 and 3.0. I went to my program folder and only saw Prevx 3.0, which I want to keep, but couldn't find Prevx 2.0 to remove it. I recently upgraded and figured the 2.0 would be replaced by the 3.0 version.

Here's the CK file log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\my downloads\pc___bigfish_games___yard_sale_hidden_treasures_sunnyville.exe
c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
scanner sequence 3.CF.11
----- EOF -----

km2357
2010-12-23, 20:24
Step # 1: Disable Windows Defender

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

LefkyTheShin
2010-12-25, 23:52
ComboFix 10-12-25.01 - Eric 12/25/2010 17:02:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2598 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eric\Application Data\11136_66fac30b403185c1e6c6329e38d48cff.exe
c:\documents and settings\Eric\Application Data\Cassandra's Journey 2 The Fifth Sun.exe
c:\documents and settings\Eric\Application Data\PriceGong
c:\documents and settings\Eric\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Eric\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Eric\Application Data\The Mystery Of The Crystal Portal 2.exe
c:\documents and settings\Eric\Recent\Thumbs.db
c:\program files\Internet Explorer\SET13A1.tmp
c:\program files\Internet Explorer\SET13A6.tmp
c:\program files\Internet Explorer\SET13AA.tmp
c:\program files\WinPCap
c:\program files\WinPCap\LICENSE
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\inf
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\launch.exe
c:\windows\system32\Oeminfo.ini
c:\windows\system32\system.dat
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_usbdevice
-------\Service_usbdevice


((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-24 07:17 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D5643EF5-FC19-47BA-ACB5-FC542BE071A9}\mpengine.dll
2010-12-21 02:15 . 2010-12-21 02:15 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31 . 2010-12-21 03:38 -------- d-----w- C:\SDFix
2010-12-19 21:09 . 2010-12-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\ScanSoft
2010-12-18 16:09 . 2010-12-18 16:09 -------- d-----w- c:\program files\ERUNT
2010-12-18 01:17 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15 . 2010-12-18 01:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-18 01:15 . 2010-12-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-18 00:28 . 2010-12-18 00:28 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Threat Expert
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-14 23:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42 . 2010-12-08 18:42 -------- d-----w- c:\documents and settings\Eric\Application Data\gogii
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2009-01-06 21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-01-06 21:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-06-01 17:41 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-07-18 18:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-07-18 18:40 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41 . 2010-06-01 17:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02 . 2007-05-05 22:02 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16 . 2006-01-10 22:17 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Toolbar\AlxTB2.1.0.dll" [2010-04-15 966656]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.17\ilikesidebar.exe" [2008-09-10 63024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="d:\applications\Quick Time Pro\QTTask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF3 Registry Controller"="d:\applications\PDF to WORD converter 3\\RegistryController.exe" [2005-04-12 106496]
"ScanSoft PDF Converter 3.0-reminder"="d:\applications\PDF to WORD converter 3\Ereg\Ereg.exe" [2005-03-30 729088]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [N/A]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/17/2010 8:15 PM 218592]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [12/14/2006 11:43 PM 639224]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7/1/2008 8:02 AM 810120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 3:12 AM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [5/3/2009 2:00 PM 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\SYSTEM32\DRIVERS\XLoader.sys [9/3/2004 9:42 PM 13184]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-25 c:\windows\Tasks\User_Feed_Synchronization-{619FC3C3-7BEF-4ACB-B2EC-3A76EC5D7C88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-12-25 c:\windows\Tasks\User_Feed_Synchronization-{789C30E6-A07B-4421-A96B-E1CD44EB8F40}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\PDF to WORD converter 3\IEShellExt.dll /100
IE: {{438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-Acrobat Assistant 8 - d:\applications\Adobe-CS4-Master\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - d:\applications\Adobe-CS4-Master\Acrobat 9.0\Acrobat\Acrobat_sl.exe
AddRemove-A Gypsys Tale - The Tower of Secrets 1.0 - d:\games\Erics current games\Big Fish Games - A Gypsys Tale - The Tower of Secrets\Uninstall.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-Aveyond - The Lost Orb - d:\games\Erics current games\Aveyond - The Lost Orb\Aveyond - The Lost Orb\Aveyond - The Lost Orb Uninstaller.exe
AddRemove-Aveyond-Gates Of Night - d:\games\Aveyond4-Gates Of Night And Strategy Guide\Aveyond-Gates Of Night\Uninstall.exe
AddRemove-Aveyond-Gates Of Night Strategy Guide - d:\games\Aveyond4-Gates Of Night And Strategy Guide\Aveyond-Gates Of Night Strategy Guide\Uninstall.exe
AddRemove-Blood Oath1.0 - d:\games\Erics current games\uninstall.exe
AddRemove-CamStudio - d:\applications\CamStudio\uninstall.exe
AddRemove-Columbus Ghost of the Mystery Stone 1.00 - d:\games\Erics current games\BigFish - Columbus Ghost of the Mystery Stone\Columbus Ghost of the Mystery Stone\Uninstall.exe
AddRemove-Dark Tales 2 Edgar Allan Poes The Black Cat Collectors Edition 1.00 - d:\games\Erics current games\Dark Tales 2 Edgar Allan Poe's The Black Cat CE\Dark Tales 2 Edgar Allan Poes The Black Cat Collectors Edition\Uninstall.exe
AddRemove-Dream Chronicles - The Book of Air Collector's Edition - d:\games\Erics current games\Dream Chronicles-The Book Of Air Collectors Edition\Dream Chronicles - The Book of Air Collector's Edition\Uninstall.exe
AddRemove-Echoes of the Past The Castle of Shadows Collectors Edition 1.00 - d:\games\Erics current games\Echoes of the Past 2 The Castle of Shadows CE\Echoes of the Past The Castle of Shadows Collectors Edition\Uninstall.exe
AddRemove-Explorer - Contraband Mystery1.0 - d:\games\Erics current games\Explorer-Contraband Mystery\uninstall.exe
AddRemove-Fiction Fixers The Curse of OZ 1.00 - d:\games\Erics current games\Fiction Fixers The Curse of OZ\Fiction Fixers The Curse of OZ\Uninstall.exe
AddRemove-Flux Family Secrets The Rabbit Hole Collectors Edition 1.00 - d:\games\Erics current games\Flux Family Secrets The Rabbit Hole Collectors Edition\Flux Family Secrets The Rabbit Hole Collectors Edition\Uninstall.exe
AddRemove-Golden Trails - The New Western Rush1.0 - d:\games\Erics current games\uninstall.exe
AddRemove-Haunted Halls Green Hills Sanitarium Collectors Edition 1.00 - d:\games\Erics current games\Haunted Halls Green Hills Sanitarium CE\Haunted Halls Green Hills Sanitarium Collectors Edition\Uninstall.exe
AddRemove-Hidden Mysteries - Vampire Secrets1.0 - d:\games\Erics current games\uninstall.exe
AddRemove-Hidden Mysteries Salem Secrets 1.00 - d:\games\Erics current games\Hidden Mysteries Salem Secrets\Hidden Mysteries Salem Secrets\Uninstall.exe
AddRemove-King Arthur 1.00 - d:\games\Erics current games\King Arthur\King Arthur\Uninstall.exe
AddRemove-Midnight Mysteries 2 Salem Witch Trials 1.00 - d:\games\Erics current games\Midnight Mysteries 2 Salem Witch Trials with SG\Uninstall.exe
AddRemove-Mystery Age 2- The Dark Priests1.0 - d:\games\Erics current games\Mystery Age 2 – The Dark Priests\uninstall.exe
AddRemove-Mystery Case Files 13th Skull Collectors Edition 1.00 - d:\games\Erics current games\Mystery Case files - 13th Skull CE\Mystery Case Files 13th Skull Collectors Edition\Uninstall.exe
AddRemove-Mystery Legends Phantom of the Opera1.0 - d:\games\Erics current games\Mystery Legends Phantom of the Opera\uninstall.exe
AddRemove-Mystery P.I. - The London Caper - c:\program files\PopCap Games\Mystery P.I. - The London Caper\PopUninstall.exe
AddRemove-Mystery Valley 1.00 - d:\games\Erics current games\Mystery Valley\Mystery Valley\Uninstall.exe
AddRemove-Mystic Diary Haunted Island 1.00 - d:\games\Erics current games\Mystic Diary Haunted Island\Mystic Diary Haunted Island\Uninstall.exe
AddRemove-Puppet Show Souls of the Innocent CE 1.00 - d:\games\Erics current games\Puppet Show Souls of the Innocent CE\Uninstall.exe
AddRemove-Redemption Cemetery - Curse of the Raven Collector's Edition - d:\games\Erics current games\Bigfish-Redemption Cemetery Curse of the Raven Collector's Edition\Uninstall.exe
AddRemove-Samantha Swift and the Fountains of Fate 1.00 - d:\games\Erics current games\Samantha Swift and the Fountains of Fate\Samantha Swift and the Fountains of Fate\Uninstall.exe
AddRemove-Sherlock Holmes The Hound of the Baskervilles CE 1.00 - d:\games\Erics current games\SherlockHolmesBaskervillesCE\Sherlock Holmes The Hound of the Baskervilles CE\Uninstall.exe
AddRemove-Skymist The Lost Spirit Stones 1.00 - d:\games\Erics current games\BigFish - Skymist The Lost Spirit Stones\Skymist The Lost Spirit Stones\Uninstall.exe
AddRemove-Strange Cases The Lighthouse Mystery Collectors Edition 1.00 - d:\games\Erics current games\BigFish - Strange Cases The Lighthouse Mystery CE\Strange Cases The Lighthouse Mystery Collectors Edition\Uninstall.exe
AddRemove-The Crop Circles Mystery 1.00 - d:\games\Erics current games\The Crop Circles Mystery LKRG\The Crop Circles Mystery\Uninstall.exe
AddRemove-Twisted Lands Shadow Town Collectors Edition 1.00 - d:\games\Erics current games\Twisted Lands Shadow Town CE\Twisted Lands Shadow Town Collectors Edition\Uninstall.exe
AddRemove-{ABEBD7A5-4EEE-4492-845E-60305F836F6C}_is1 - d:\games\Magic.Match.2.The.Genies.Journey.v1.0\Magic Match The Genies Journey\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-25 17:38:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-25 22:38

Pre-Run: 22,981,967,872 bytes free
Post-Run: 22,870,188,032 bytes free

- - End Of File - - 975A96CBDF9D068040EAB5F14A0AFA6A

km2357
2010-12-26, 06:15
I need something cleared up before we continue.

Earlier you mentioned that you uninstalled ESET and decided you wanted to keep Prevx 3.0. In the ComboFix Log you posted, it shows that Prevx 3.0 is not there and ESET is there/disabled:

AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}

From your DDS Log back on the 21st of this month it shows both ESET and Prevx 2 & 3:

AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


Did you decide to reinstall ESET and remove Prevx 3.0?

LefkyTheShin
2010-12-26, 19:44
Hmm, I uninstalled ESET, or so I thought; I'll have to check that out and try to remove it for good. I followed the instructions for disabling Prevx so that ComboFix could run, but ComboFix still detected Prevx to be running. I then removed Prevx so ComboFix could proceed, with the intention of reinstalling it after I was done with this.

Should I run ComboFix again and post the log info after I've sorted this out?

km2357
2010-12-27, 06:05
Hmm, I uninstalled ESET, or so I thought; I'll have to check that out and try to remove it for good. I followed the instructions for disabling Prevx so that ComboFix could run, but ComboFix still detected Prevx to be running. I then removed Prevx so ComboFix could proceed, with the intention of reinstalling it after I was done with this.

Should I run ComboFix again and post the log info after I've sorted this out?

Once you've decided between ESET and Prevx 3.0, which Antivirus to keep and which one to remove, go ahead and rerun ComboFix and post the fresh log. :)

LefkyTheShin
2010-12-27, 18:59
As with my other post I want to stay with Prevx, but had to uninstall it temporarily until ComboFix was done. ESET, on the other hand, I want to get rid of, but it's proving to be a pain. I uninstalled it prior to my last post, but that didn't remove all of the files, as you saw in the previous post. I then did an "ESET" search on the C and D drives and manually removed any ESET files that came up. However, today I ran the ComboFix program again and noticed one of the lines referred to "C\:program files\ESET..." (you'll see it below). Is this file a problem and why haven't I been able to completely rid the system of all ESET files? Thanks.


ComboFix 10-12-26.01 - Eric 12/27/2010 11:51:39.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2579 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-24 07:17 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D5643EF5-FC19-47BA-ACB5-FC542BE071A9}\mpengine.dll
2010-12-21 02:15 . 2010-12-21 02:15 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31 . 2010-12-21 03:38 -------- d-----w- C:\SDFix
2010-12-19 21:09 . 2010-12-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\ScanSoft
2010-12-18 16:09 . 2010-12-18 16:09 -------- d-----w- c:\program files\ERUNT
2010-12-18 01:17 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15 . 2010-12-18 01:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-18 01:15 . 2010-12-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-18 00:28 . 2010-12-18 00:28 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Threat Expert
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-14 23:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42 . 2010-12-08 18:42 -------- d-----w- c:\documents and settings\Eric\Application Data\gogii
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2009-01-06 21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-01-06 21:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-06-01 17:41 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-07-18 18:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-07-18 18:40 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41 . 2010-06-01 17:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02 . 2007-05-05 22:02 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16 . 2006-01-10 22:17 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Toolbar\AlxTB2.1.0.dll" [2010-04-15 966656]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.17\ilikesidebar.exe" [2008-09-10 63024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF3 Registry Controller"="d:\applications\PDF to WORD converter 3\\RegistryController.exe" [2005-04-12 106496]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [N/A]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/17/2010 8:15 PM 218592]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [12/14/2006 11:43 PM 639224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 3:12 AM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [5/3/2009 2:00 PM 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\SYSTEM32\DRIVERS\XLoader.sys [9/3/2004 9:42 PM 13184]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{619FC3C3-7BEF-4ACB-B2EC-3A76EC5D7C88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{789C30E6-A07B-4421-A96B-E1CD44EB8F40}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\PDF to WORD converter 3\IEShellExt.dll /100
IE: {{438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-12-27 12:13:00
ComboFix-quarantined-files.txt 2010-12-27 17:12
ComboFix2.txt 2010-12-25 22:38

Pre-Run: 22,578,958,336 bytes free
Post-Run: 22,634,360,832 bytes free

- - End Of File - - 35C356CD4FD3D59278FEFBBDCC7F092E

km2357
2010-12-27, 20:15
It sounds like ESET is being a pain and doesn't want to go. This step will remove the remnants of ESET and also get rid of the Prevx 2.0 line in your ComboFix Log.


Step # 1: Run CFScript


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


KILLALL::

Driver::

ESET Service

Folder::

c:\program files\ESET

SecCenter::

AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Note: This CFScript is for use on LefkyTheShin's computer only! Do not use it on your computer.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
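
The two things km2357 read out of the logs above by eye (the Security Center "AV:" lines showing two products in a Disabled/Outdated state, and the S2 ekrn service whose binary ComboFix marks with "[?]" because the file is gone) are the kind of leftover-registration checks that a helper does on every log. The following Python script is an added example written for this thread; it is not part of the original posts and not a ComboFix or DDS component. It parses lines in the shape ComboFix prints, flags orphaned services and AV entries that are not Enabled/Updated, and uses as its sample input five lines copied from the log posted earlier in this thread. The reading of the leading R/S letter as running/stopped and the digit as the Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) follows ComboFix's convention and is an assumption of this example, as are the function and class names.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: five lines copied from the ComboFix log posted in
# this thread (two Security Center "AV:" lines, three driver/service lines).
SAMPLE_LOG = r"""
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Prevx 2.0 *Disabled/Updated* {557C3342-BC52-4508-AC25-4441BDF5C04C}
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/17/2010 8:15 PM 218592]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 3:12 AM 136176]
"""

# "AV: <product> *<state>/<signatures>* {<Security Center GUID>}"
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>\w+)/(?P<sig>\w+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$")
# "<R|S><start type> <service name>;<display name>;<image path> [<timestamp size>]"
SVC_RE = re.compile(r"^(?P<run>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Windows service start types; assumed mapping for ComboFix's leading digit.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class AvEntry:
    name: str
    state: str        # Enabled / Disabled
    signatures: str   # Updated / Outdated
    guid: str


@dataclass
class ServiceEntry:
    running: bool     # R = running, S = stopped (assumed ComboFix convention)
    start_type: int
    name: str
    display: str
    image: str
    orphaned: bool    # ComboFix appends "[?]" when the image file is missing


def parse_av_lines(log_text: str) -> List[AvEntry]:
    entries = []
    for line in log_text.strip().splitlines():
        m = AV_RE.match(line)
        if m:
            entries.append(AvEntry(m.group("name"), m.group("state"), m.group("sig"), m.group("guid")))
    return entries


def parse_service_lines(log_text: str) -> List[ServiceEntry]:
    entries = []
    for line in log_text.strip().splitlines():
        m = SVC_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        orphaned = rest.endswith("[?]")
        image = rest.rsplit(" [", 1)[0]          # drop the trailing "[date size]" / "[?]"
        if " --> " in image:                      # registered path --> resolved path; keep the resolved one
            image = image.split(" --> ", 1)[1]
        entries.append(ServiceEntry(m.group("run") == "R", int(m.group("start")),
                                    m.group("name"), m.group("display"), image, orphaned))
    return entries


def triage(log_text: str) -> List[str]:
    """Return human-readable findings a log reader would want to act on."""
    findings = []
    avs = parse_av_lines(log_text)
    if len(avs) > 1:
        findings.append(f"{len(avs)} antivirus products registered with Security Center; "
                        "leftover registrations should be cleared so only the kept product remains")
    for av in avs:
        if av.state != "Enabled" or av.signatures != "Updated":
            findings.append(f"AV '{av.name}' reports {av.state}/{av.signatures} ({av.guid})")
    for svc in parse_service_lines(log_text):
        if svc.orphaned:
            findings.append(f"service '{svc.name}' ({svc.display}) is registered with "
                            f"{START_TYPES.get(svc.start_type, '?')} start but its binary is missing: {svc.image}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample, the script reports the two stale AV registrations and the ekrn service whose executable no longer exists, which is exactly what the CFScript above (Driver:: ESET Service, SecCenter:: lines) is written to clean up. To use it on a full ComboFix log, pass the file contents to triage(); lines that do not match either pattern are ignored.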

LefkyTheShin
2010-12-28, 02:05
ComboFix 10-12-26.01 - Eric 12/27/2010 19:14:59.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2266 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ekrn
-------\Service_ekrn


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-24 07:17 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D5643EF5-FC19-47BA-ACB5-FC542BE071A9}\mpengine.dll
2010-12-21 02:15 . 2010-12-21 02:15 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31 . 2010-12-21 03:38 -------- d-----w- C:\SDFix
2010-12-19 21:09 . 2010-12-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-12-19 21:08 . 2010-12-19 21:08 -------- d-----w- c:\program files\ScanSoft
2010-12-18 16:09 . 2010-12-18 16:09 -------- d-----w- c:\program files\ERUNT
2010-12-18 01:17 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15 . 2010-12-18 01:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-18 01:15 . 2010-12-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-18 00:28 . 2010-12-18 00:28 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Threat Expert
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-16 03:49 . 2010-12-21 23:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-14 23:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36 . 2010-12-11 01:36 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42 . 2010-12-08 18:42 -------- d-----w- c:\documents and settings\Eric\Application Data\gogii
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2009-01-06 21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-01-06 21:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-06-01 17:41 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-07-18 18:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-07-18 18:40 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41 . 2010-06-01 17:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02 . 2007-05-05 22:02 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16 . 2006-01-10 22:17 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Toolbar\AlxTB2.1.0.dll" [2010-04-15 966656]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\applications\Ant.com - video download\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.17\ilikesidebar.exe" [2008-09-10 63024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF3 Registry Controller"="d:\applications\PDF to WORD converter 3\\RegistryController.exe" [2005-04-12 106496]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [N/A]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/17/2010 8:15 PM 218592]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [12/14/2006 11:43 PM 639224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 3:12 AM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [5/3/2009 2:00 PM 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\SYSTEM32\DRIVERS\XLoader.sys [9/3/2004 9:42 PM 13184]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 08:12]

2010-12-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3487793459-3726096070-3990162821-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{619FC3C3-7BEF-4ACB-B2EC-3A76EC5D7C88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{789C30E6-A07B-4421-A96B-E1CD44EB8F40}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\PDF to WORD converter 3\IEShellExt.dll /100
IE: {{438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,3f,07,e0,59,01,d1,4a,ba,56,56,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-27 19:40:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 00:40
ComboFix2.txt 2010-12-27 17:13
ComboFix3.txt 2010-12-25 22:38

Pre-Run: 22,603,612,160 bytes free
Post-Run: 22,634,299,392 bytes free

- - End Of File - - F39B082A84C022601091C847E40C63B8







DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 19:55:05.31 on Mon 12/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2583 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: Amazon.com Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon toolbar\AlxTB2.1.0.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [iLike] c:\program files\ilike\1.2.17\ilikesidebar.exe /checkforupdate
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF3 Registry Controller] "d:\applications\pdf to word converter 3\\RegistryController.exe"
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\pdf to word converter 3\IEShellExt.dll /100
IE: {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859}
IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///J:/moms%20games/4-24/Mystery.P.I.The.London.Caper.v1.0.Incl.KeyMaker/Mystery%20P.I.%20-%20The%20London%20Caper/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.shockwave.com/content/ricochetlostworlds/ReflexiveWebGameLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-034966e2548e2b0c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\applications\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-11 12672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-3 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-9-3 13184]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-12-25 21:54:48 98816 ----a-w- c:\windows\sed.exe
2010-12-25 21:54:48 89088 ----a-w- c:\windows\MBR.exe
2010-12-25 21:54:48 256512 ----a-w- c:\windows\PEV.exe
2010-12-25 21:54:48 161792 ----a-w- c:\windows\SWREG.exe
2010-12-24 07:17:00 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{d5643ef5-fc19-47ba-acb5-fc542be071a9}\mpengine.dll
2010-12-21 02:15:31 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31:00 -------- d-----w- C:\SDFix
2010-12-19 21:08:37 -------- d-----w- c:\program files\common files\ScanSoft Shared
2010-12-19 21:08:36 -------- d-----w- c:\program files\ScanSoft
2010-12-18 01:17:20 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17:18 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16:12 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15:56 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15:41 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15:18 -------- d-----w- c:\program files\common files\PC Tools
2010-12-18 01:15:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-18 00:28:32 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-14 23:10:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42:57 -------- d-----w- c:\docume~1\eric\applic~1\gogii
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02:17 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16:52 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 19:55:25.54 ===============
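The DDS "Pseudo HJT Report" above lists every Internet Explorer extension, Run entry and Downloaded Program Files control by CLSID and path, and reading it line by line is how a helper spots things like the two Java releases still registered. As an added example (not part of the original thread, and not DDS or ComboFix code), the Python below parses those line types into records and runs three triage checks a practitioner would do by eye: which on-disk modules are registered in more than one place (the MediaBar and Ant.com DLLs each appear as both a BHO and a toolbar, so removing one registration leaves the DLL loading), which DPF controls were sourced from a local file: URL instead of a web server, and which JRE installer versions the DPF entries record. It assumes only the line formats visible in the log above; SAMPLE_LOG is a constructed excerpt copied from that log.

```python
"""Parse the 'Pseudo HJT Report' section of a DDS log and run three triage
checks over it.

Added example for this thread, not DDS or ComboFix code.  It assumes only the
line formats visible in the log above (BHO:, TB:, mRun:, uRun:, DPF:);
SAMPLE_LOG is a constructed excerpt copied from that log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
uRun: [iLike] c:\program files\ilike\1.2.17\ilikesidebar.exe /checkforupdate
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///J:/moms%20games/4-24/Mystery.P.I.The.London.Caper.v1.0.Incl.KeyMaker/Mystery%20P.I.%20-%20The%20London%20Caper/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# BHO: <name>: {clsid} - <path>      and      TB: <name>: {clsid} - <path>
RE_COM = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>%s) - (?P<path>.+)$" % CLSID)
# mRun: [<value name>] <command line>   (uRun = HKCU, mRun = HKLM)
RE_RUN = re.compile(r"^(?P<kind>[mu]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# DPF: {clsid} - <source URL>  (DDS defangs http as hxxp; file: URLs stay as-is)
RE_DPF = re.compile(r"^DPF: (?P<clsid>%s) - (?P<url>\S+)$" % CLSID)
# First executable in a Run command line, quoted or not, arguments dropped.
RE_EXE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|cpl))"?(?:\s|$)', re.IGNORECASE)
RE_JAVA = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.IGNORECASE)


def parse_report(text):
    """Return one dict per recognised line; unrecognised lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = RE_COM.match(line)
        if m:
            records.append({"kind": m["kind"], "name": m["name"], "clsid": m["clsid"].lower(),
                            "path": m["path"].lower(), "url": None})
            continue
        m = RE_RUN.match(line)
        if m:
            exe = RE_EXE.match(m["cmd"])
            path = exe["path"].lower() if exe else m["cmd"].lower()
            records.append({"kind": m["kind"], "name": m["name"], "clsid": None,
                            "path": path, "url": None})
            continue
        m = RE_DPF.match(line)
        if m:
            records.append({"kind": "DPF", "name": None, "clsid": m["clsid"].lower(),
                            "path": None, "url": m["url"]})
    return records


def registrations_per_file(records):
    """Map each on-disk module to every registration that loads it, keeping only
    modules with more than one.  A toolbar DLL registered as both BHO and TB has
    to be removed from every one of those places or IE loads it again."""
    by_file = defaultdict(list)
    for r in records:
        if r["path"]:
            by_file[r["path"]].append((r["kind"], r["name"]))
    return {path: regs for path, regs in by_file.items() if len(regs) > 1}


def local_dpf_entries(records):
    """DPF entries are ActiveX controls installed through IE's Downloaded
    Program Files.  One sourced from a file: URL was registered from local
    media rather than a web server and deserves a closer look."""
    return [(r["clsid"], r["url"]) for r in records
            if r["kind"] == "DPF" and r["url"].lower().startswith("file:")]


def java_versions_from_dpf(records):
    """JRE installer CABs left in DPF show which Java releases IE pulled in,
    which is what the thread's 'Update Java' step is cleaning up."""
    versions = set()
    for r in records:
        if r["kind"] == "DPF":
            m = RE_JAVA.search(r["url"])
            if m:
                versions.add("{}.{}.{}_{}".format(*m.groups()))
    return sorted(versions)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_LOG)
    for path, regs in registrations_per_file(recs).items():
        print(path, "<-", regs)
    print("DPF from local file:", local_dpf_entries(recs))
    print("Java releases seen in DPF:", java_versions_from_dpf(recs))
```

Run against the full DDS log instead of SAMPLE_LOG by passing the file contents to parse_report; the three checks are deliberately descriptive rather than verdicts, since the same patterns (one DLL behind a BHO and a toolbar, for instance) are produced by legitimate toolbars too.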

LefkyTheShin
2010-12-28, 02:08
Oops, I've attached the ATTACH zip file to go with the DDS log file in case you needed it.

km2357
2010-12-28, 08:24
I don't see any more signs of either ESET or Prevx 2.0 in your logs. You can go ahead and reinstall Prevx 3.0 now. :)



Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older-version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u23 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:


J2SE Runtime Environment 5.0 Update 22

Java(TM) 6 Update 22


Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.

From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 3 Run Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.


Post the MalwareBytes' Log in your next post/reply.

LefkyTheShin
2010-12-28, 22:15
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5409

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2010 3:20:42 PM
mbam-log-2010-12-28 (15-20-42).txt

Scan type: Quick scan
Objects scanned: 233965
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

km2357
2010-12-29, 06:23
Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)


First, go to Add/Remove Programs and uninstall Adobe Reader 9.4.1.
Please go to this link Adobe Acrobat Reader Download Link (http://get.adobe.com/reader/)
On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit 4.3.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



I'd like us to scan your machine with ESET OnlineScan. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)

Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Make sure that Remove found threats is unchecked
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


In your next post/reply, I need to see the following:

1. ESET Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

LefkyTheShin
2010-12-30, 03:59
The MSN homepage seems a tad sluggish when I scroll up or down, but other than that my computer seems fine. It just seems to be that particular page, maybe a setting was changed; I could always uninstall it, then reinstall it.

Thanks.

The ESET scan didn't turn up any results.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 21:38:24.62 on Wed 12/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2312 [GMT -5:00]

AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: Amazon.com Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon toolbar\AlxTB2.1.0.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [iLike] c:\program files\ilike\1.2.17\ilikesidebar.exe /checkforupdate
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF3 Registry Controller] "d:\applications\pdf to word converter 3\\RegistryController.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - d:\applications\pdf to word converter 3\IEShellExt.dll /100
IE: {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - c:\windows\web\tree.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859}
IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///J:/moms%20games/4-24/Mystery.P.I.The.London.Caper.v1.0./Mystery%20P.I.%20-%20The%20London%20Caper/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.shockwave.com/content/ricochetlostworlds/ReflexiveWebGameLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-034966e2548e2b0c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\applications\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-28 32008]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-28 76696]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-11 12672]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-28 6416120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-28 26096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-3 16512]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-9-3 13184]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-12-29 22:16:52 -------- d-----w- c:\program files\ESET
2010-12-28 21:56:04 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-28 21:56:03 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-28 21:56:03 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-28 21:56:02 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-28 21:56:02 -------- d-----w- c:\program files\Prevx
2010-12-28 21:55:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-12-28 18:41:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-28 06:42:14 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{942ba3db-4ca7-41cc-9a72-f86afe257bc4}\mpengine.dll
2010-12-25 21:54:48 98816 ----a-w- c:\windows\sed.exe
2010-12-25 21:54:48 89088 ----a-w- c:\windows\MBR.exe
2010-12-25 21:54:48 256512 ----a-w- c:\windows\PEV.exe
2010-12-25 21:54:48 161792 ----a-w- c:\windows\SWREG.exe
2010-12-21 02:15:31 -------- d-----w- c:\windows\ERUNT
2010-12-21 01:31:00 -------- d-----w- C:\SDFix
2010-12-19 21:08:37 -------- d-----w- c:\program files\common files\ScanSoft Shared
2010-12-19 21:08:36 -------- d-----w- c:\program files\ScanSoft
2010-12-18 01:17:20 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-18 01:17:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-18 01:17:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-18 01:17:18 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-18 01:16:12 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-18 01:15:56 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-18 01:15:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-18 01:15:41 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-18 01:15:18 -------- d-----w- c:\program files\common files\PC Tools
2010-12-18 01:15:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-18 00:28:32 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-16 03:49:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-14 23:10:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:09:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\3086
2010-12-11 01:36:24 -------- d-----w- c:\windows\system32\1056
2010-12-08 18:42:57 -------- d-----w- c:\docume~1\eric\applic~1\gogii

==================== Find3M ====================

2010-12-28 18:40:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-05-05 22:02:17 1507504 ----a-w- c:\program files\VodeiSetup210.exe
2006-01-10 22:16:52 774144 ----a-w- c:\program files\RngInterstitial.dll
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 21:41:23.53 ===============
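
The DDS log above is what the helper reads to decide which autostart hooks (BHO, toolbar, Run keys, startup folder, services) deserve a closer look. The script below is an added example of mine, not part of the DDS tool or of this thread: it parses those line formats, expands the common 8.3 short names DDS leaves in paths (the expansion table is an assumption for a default English XP layout), and reports two things a helper looks for: entries that load from outside the Windows and Program Files trees, and product folders that own several hooks at once (as the iMesh MediaBar folder does in this log, with a BHO, a toolbar and a Run entry). Neither report is a verdict on its own; they are a reading aid. The sample input is a handful of lines copied from the posted log.

```python
"""Triage helper for the autostart sections of a DDS log (added example).

Parses BHO:, TB:, uRun:/mRun:, StartupFolder: and R#/S# service lines,
expands known 8.3 short names, flags unusual load locations, and groups
hooks by product folder. Heuristics only; not a malware verdict.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - d:\applications\ant.com - video download\antbar\ant.com toolbar\tbcore3.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [PDF3 Registry Controller] "d:\applications\pdf to word converter 3\\RegistryController.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-17 218592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
"""

# 8.3 short names DDS commonly leaves in paths. The expansions are an
# assumption for a default English XP layout (progra~1 = Program Files, ...).
SHORT_NAMES = {
    "progra~1": "program files",
    "docume~1": "documents and settings",
    "alluse~1": "all users",
    "applic~1": "application data",
}

LINE_PATTERNS = [
    ("hook", re.compile(r"^(?P<kind>BHO|TB): (?P<name>.+?): \{[0-9a-f-]+\} - (?P<path>.+)$", re.I)),
    ("run", re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")),
    ("startup", re.compile(r"^(?P<kind>StartupFolder): (?P<name>.+?) - (?P<path>.+)$")),
    ("service", re.compile(r"^(?P<kind>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[\d-]+ \d+\]$")),
]


@dataclass
class Entry:
    kind: str   # BHO, TB, uRun, mRun, StartupFolder, or a service state such as R0/S2
    name: str
    path: str   # lower-cased, known 8.3 names expanded
    flag: str   # "" when the load location is unremarkable


def command_path(cmd: str) -> str:
    """Return the executable from an autostart command, dropping trailing switches."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    return re.sub(r"(\s+[-/]\S*)+$", "", cmd)


def normalize(path: str) -> str:
    parts = path.lower().replace("\\\\", "\\").split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def location_flag(path: str) -> str:
    """Where an item loads from; a reading aid, not a maliciousness test."""
    if not path.startswith("c:\\"):
        return "loads from a non-system drive"
    if path.startswith("c:\\documents and settings\\"):
        return "loads from a user profile (user-writable) location"
    if path.startswith(("c:\\windows\\", "c:\\program files\\")):
        return ""
    return "loads from outside Windows / Program Files"


def parse_dds(text: str) -> list[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for shape, pat in LINE_PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            path = command_path(m.group("cmd")) if shape == "run" else m.group("path")
            path = normalize(path)
            entries.append(Entry(m.group("kind"), m.group("name"), path, location_flag(path)))
            break
    return entries


def product_dir(path: str) -> str:
    # Drive plus the first two folders, e.g. c:\program files\imesha~1
    return "\\".join(path.split("\\")[:3])


def hooks_by_product(entries: list[Entry]) -> dict[str, list[str]]:
    """Product folders that own more than one autostart hook (BHO + toolbar + Run, ...)."""
    groups: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        groups[product_dir(e.path)].append(f"{e.kind}:{e.name}")
    return {d: hooks for d, hooks in groups.items() if len(hooks) > 1}


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    for e in found:
        if e.flag:
            print(f"[{e.kind}] {e.name}: {e.flag} ({e.path})")
    for folder, hooks in hooks_by_product(found).items():
        print(f"{folder}: {len(hooks)} hooks -> {', '.join(hooks)}")
```

Run against the sample it reports the two items on the D: drive and the iMesh folder with three hooks; feed it a whole DDS log (the text between the Pseudo HJT Report and File Associations headers) to get the same two views for a real case. Location and hook clustering are where a helper starts reading, which is why the Adobe and HP entries in the same log pass without comment.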

km2357
2010-12-30, 06:13
You can try uninstall/reinstalling your browser to see if that fixes the slowness of the MSN homepage.

If there are no more problems, you're good to go. :)


You can delete the following off of your computer:

DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
CKScanner.exe
The CKScanner Log


To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please check Hide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary uncheck Hide file extensions for known file types.
Click OK

Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates (http://update.microsoft.com/) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can find SpywareBlaster here:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload_free.html)

Use the hosts file: Every version of Windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional.
Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm)
Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen
Click run
In the dialog box, type services.msc and hit enter, then locate dns client
Highlight it, then doubleclick it.
On the dropdown box, change the setting from automatic to manual.
Click ok.

Use an alternative instant messenger program. Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/) are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.spybot.info/showthread.php?t=279)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)

If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or
Opera (http://www.opera.com/download/).
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

If your computer is running slow, click here (http://www.malwareremoval.com/tutorials/runningslowly.php) for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
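
The hosts-file advice in the post above relies on one property: an entry is consulted before DNS, so pointing a name at an unroutable address (0.0.0.0 or 127.0.0.1) silently blocks it. The same file is a favourite tampering target, because a few extra lines can cut a machine off from Microsoft Update or an antivirus vendor, or send those names somewhere else entirely. The script below is an added example of mine, not part of the thread or of the MVPS project: it parses a hosts file the way the resolver does (comments, tabs, several names per line, IPv6), counts ordinary block entries, and separates out the two things worth a second look, names mapped to a routable address and blocked names belonging to update or AV vendors the cleanup depends on. The vendor suffix list and the sample file are constructed for the example.

```python
"""Audit a Windows hosts file of the kind the MVPS list installs (added example).

Separates ordinary block entries (name -> 0.0.0.0 / loopback) from
(a) names redirected to a routable address and (b) blocked names that belong
to update/antivirus vendors, plus lines the resolver could not parse.
"""
import ipaddress
from dataclasses import dataclass, field

# Vendor domains whose blocking would break the update steps above.
# The list is an assumption for this example, not an official one.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "eset.com", "malwarebytes.org")

# Constructed sample: MVPS-style block lines plus the kinds of line a
# tampered hosts file contains (routable redirect, vendor block, bad address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ad.doubleclick.net          # MVPS block entry
0.0.0.0 adserver.example   anothertracker.example
127.0.0.1\tclicks.example
203.0.113.7 www.microsoft.com        # not a block: routable redirect
0.0.0.0 update.microsoft.com
0.0.0.0 www.eset.com
bogus-address badline.example
"""


@dataclass
class HostsAudit:
    block_entries: int = 0
    redirects: list = field(default_factory=list)          # (hostname, address)
    blocked_protected: list = field(default_factory=list)  # hostnames
    bad_lines: list = field(default_factory=list)          # (line_no, address field)


def parse_hosts(text):
    """Yield (line_no, address, hostnames) per effective line; comments stripped."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield no, fields[0], fields[1:]


def is_protected(name, suffixes=PROTECTED_SUFFIXES):
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=PROTECTED_SUFFIXES):
    report = HostsAudit()
    for no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report.bad_lines.append((no, addr))
            continue
        if not names:
            report.bad_lines.append((no, addr))
            continue
        # A sink address keeps the traffic on the box; anything else sends it somewhere.
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            name = name.lower().rstrip(".")
            if name == "localhost":
                continue
            if not sink:
                report.redirects.append((name, addr))
            elif is_protected(name, suffixes):
                report.blocked_protected.append(name)
            else:
                report.block_entries += 1
    return report


if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS)
    print(f"{r.block_entries} block entries")
    for name, addr in r.redirects:
        print(f"REDIRECT {name} -> {addr}")
    for name in r.blocked_protected:
        print(f"BLOCKED VENDOR {name}")
    for no, addr in r.bad_lines:
        print(f"line {no}: unparseable address {addr!r}")
```

On a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into `audit_hosts`; a freshly installed MVPS file should produce thousands of block entries and empty `redirects` and `blocked_protected` lists, so anything in those two lists is worth explaining before trusting the file. The DNS Client tweak in the post above only affects how Windows caches the file; it does not change what the audit sees.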

LefkyTheShin
2010-12-30, 21:25
I'll try all the mentioned steps, thanks for your time and assistance. :bigthumb:

km2357
2010-12-31, 08:17
You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.