Debugger detected [97]

Hi Blade, sorry about the "z" above

Ran the program in safe mode; I still can't boot normally. Here is the log:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-16 07:00:35
Windows 6.0.6001 Service Pack 1
Running: 254evpvq.exe; Driver: C:\Users\JIM'SL~1\AppData\Local\Temp\kwloikoc.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 86BA1BF8
INT 0x52 ? 86BA1BF8
INT 0x52 ? 86BA1BF8
INT 0x62 ? 86BA1BF8
INT 0x72 ? 86BA1BF8
INT 0x72 ? 86BA1BF8
INT 0x72 ? 86BA1BF8
INT 0x72 ? 86BA1BF8
INT 0x92 ? 84F19BF8
INT 0xB2 ? 85CCDBF8

Code 8954C070 ZwEnumerateKey
Code 89694A78 ZwFlushInstructionCache
Code 8960F336 ZwSaveKey
Code 896A9CE6 ZwSaveKeyEx
Code 89548135 IofCallDriver
Code 8954E01E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 82072FBA 5 Bytes JMP 8954E023
.text ntkrnlpa.exe!IofCallDriver 820F4FEF 5 Bytes JMP 8954813A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821EB30B 5 Bytes JMP 89694A7C
PAGE ntkrnlpa.exe!ZwEnumerateKey 82240BB4 5 Bytes JMP 8954C074
PAGE ntkrnlpa.exe!ZwSaveKey 8228E523 5 Bytes JMP 8960F33A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8228E62A 5 Bytes JMP 896A9CEA
? System32\Drivers\spcb.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8BB4C46F 5 Bytes JMP 86BA11D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxIndirectParamW 75DBBD25 5 Bytes JMP 71635ACB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxParamW 75DD1FD5 5 Bytes JMP 71635A55 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxParamA 75DF80B2 5 Bytes JMP 71635A90 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxIndirectParamA 75DF83DD 5 Bytes JMP 71635B06 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxIndirectA 75E0D471 5 Bytes JMP 71635A11 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxIndirectW 75E0D56B 5 Bytes JMP 716359CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxExA 75E0D5D1 5 Bytes JMP 71635993 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxExW 75E0D5F5 5 Bytes JMP 71635959 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806936D2] \SystemRoot\System32\Drivers\spcb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80693040] \SystemRoot\System32\Drivers\spcb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806937FC] \SystemRoot\System32\Drivers\spcb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806930BE] \SystemRoot\System32\Drivers\spcb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069313C] \SystemRoot\System32\Drivers\spcb.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3048] \SystemRoot\System32\Drivers\spcb.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85CCF1F8
Device \Driver\volmgr \Device\VolMgrControl 84F1B1F8
Device \Driver\usbuhci \Device\USBPDO-0 86AF81F8
Device \Driver\usbuhci \Device\USBPDO-1 86AF81F8
Device \Driver\usbehci \Device\USBPDO-2 86AF91F8
Device \Driver\usbuhci \Device\USBPDO-3 86AF81F8
Device \Driver\usbuhci \Device\USBPDO-4 86AF81F8

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 86AF81F8
Device \Driver\usbehci \Device\USBPDO-6 86AF91F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F1B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84F1B1F8
Device \Driver\cdrom \Device\CdRom0 86B481F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F1B1F8
Device \Driver\cdrom \Device\CdRom1 86B481F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85CCE1F8
Device \Driver\atapi \Device\Ide\IdePort0 85CCE1F8
Device \Driver\sptd \Device\3345995432 spcb.sys
Device \Driver\volmgr \Device\HarddiskVolume4 84F1B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 897FA1F8
Device \Driver\Smb \Device\NetbiosSmb 897AF1F8
Device \Driver\iScsiPrt \Device\RaidPort0 86B671F8

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\netbt \Device\NetBT_Tcpip_{E8630708-6774-4261-8816-48F364D0765D} 897FA1F8

AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 86AF81F8
Device \Driver\usbuhci \Device\USBFDO-1 86AF81F8
Device \Driver\PCI_PNP3415 \Device\0000007b spcb.sys
Device \Driver\usbehci \Device\USBFDO-2 86AF91F8
Device \Driver\usbuhci \Device\USBFDO-3 86AF81F8
Device \Driver\usbuhci \Device\USBFDO-4 86AF81F8
Device \Driver\netbt \Device\NetBT_Tcpip_{3DB87139-8809-44D9-A754-182AB7C47D2C} 897FA1F8
Device \Driver\usbuhci \Device\USBFDO-5 86AF81F8
Device \Driver\usbehci \Device\USBFDO-6 86AF91F8
Device \Driver\aiywpziq \Device\Scsi\aiywpziq1Port3Path0Target0Lun0 86B631F8
Device \Driver\aiywpziq \Device\Scsi\aiywpziq1 86B631F8
Device \FileSystem\fastfat \Fat 89D8D1F8
Device \FileSystem\fastfat \Fat 8BA8945E

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 89D3D1F8

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\rotscxkoxxvels.sys (*** hidden *** ) [SYSTEM] rotscxqyxxxucd <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001fe1effe99 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd@imagepath \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main@aid 10094
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\injector@* rotscxwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@fn (null)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@url http://top1959.cn/PC_protect.exe
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@knock (null)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@timeout 300
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@type 0
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\main\tasks\0000000001@count 1
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules@rotscxcmd.dll \systemroot\system32\rotscxnwvwpvgt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules@rotscxlog.dat \systemroot\system32\rotscxtvencebp.dat
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules@rotscxwsp.dll \systemroot\system32\rotscxqpooewnk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\rotscxqyxxxucd\modules@rotscx.dat \systemroot\system32\rotscxgbjmeqjq.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x33 0xB8 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x60 0xFC 0x2C 0x22 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x08 0x99 0xCA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8F 0x71 0xBB 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1effe99 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd@imagepath \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main@aid 10094
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main\injector@* rotscxwsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscxcmd.dll \systemroot\system32\rotscxnwvwpvgt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscxlog.dat \systemroot\system32\rotscxtvencebp.dat
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscxwsp.dll \systemroot\system32\rotscxqpooewnk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscx.dat \systemroot\system32\rotscxgbjmeqjq.dat
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxqyxxxucd\modules@rotscxwsp8.dll \systemroot\system32\rotscxpxuesfcq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x33 0xB8 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x60 0xFC 0x2C 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x08 0x99 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8F 0x71 0xBB 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1effe99
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd@imagepath \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main@aid 10094
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main\injector@* rotscxwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxkoxxvels.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscxcmd.dll \systemroot\system32\rotscxnwvwpvgt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscxlog.dat \systemroot\system32\rotscxtvencebp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscxwsp.dll \systemroot\system32\rotscxqpooewnk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscx.dat \systemroot\system32\rotscxgbjmeqjq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxqyxxxucd\modules@rotscxwsp8.dll \systemroot\system32\rotscxpxuesfcq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x33 0xB8 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x60 0xFC 0x2C 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x08 0x99 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8F 0x71 0xBB 0x08 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Mobile Getting Started Disc\AppInstalled@HTC Touch Pro\x2122 User Guide_Installed 4
Reg HKLM\SOFTWARE\Microsoft\Windows Mobile Getting Started Disc\AppInstalled@Windows Mobile\xae Device Center_Installed 4

---- Files - GMER 1.0.15 ----

File C:\Qoobox\Quarantine\C\Windows\System32\drivers\rotscxkoxxvels.sys.vir 71168 bytes
File C:\Users\Jim's Laptop\AppData\Local\Temp\rotscx000 0 bytes
File C:\Users\Jim's Laptop\AppData\Local\Temp\rotscxhlkwxotkgs.tmp 680448 bytes executable
File C:\Windows\System32\drivers\rotscxkoxxvels.sys 71168 bytes <-- ROOTKIT !!!
File C:\Windows\System32\rotscxgbjmeqjq.dat 43 bytes
File C:\Windows\System32\rotscxnwvwpvgt.dll 45568 bytes
File C:\Windows\System32\rotscxpxuesfcq.dll 19456 bytes executable
File C:\Windows\System32\rotscxqpooewnk.dll 20480 bytes executable
File C:\Windows\System32\rotscxtvencebp.dat 70624 bytes
File C:\Windows\temp\rotscxcdyiknvahr.tmp 19456 bytes executable
File C:\Windows\temp\rotscxyjdprtctta.tmp 43 bytes

---- EOF - GMER 1.0.15 ----
 
Hi,

1. Start GMER and do a quick scan. It should give a message about rootkit activity.
2. If it asks for a full scan, select "No".
3. Right-click rotscx******** and select "Disable service". You'll most likely be asked to reboot the system. Please let it do so.
4. After reboot, open GMER again and see if the corresponding service is in disabled state.

If it is in a disabled state, try running ComboFix again.
 
Hi,

I think you are getting close. I am in normal mode right now. YAY

Here is the log:

ComboFix 09-09-14.02 - Jim's Laptop 09/16/2009 9:27.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2660 [GMT -5:00]
Running from: c:\users\Jim's Laptop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rotscxgbjmeqjq.dat
c:\windows\system32\rotscxnwvwpvgt.dll
c:\windows\system32\rotscxpxuesfcq.dll
c:\windows\system32\rotscxqpooewnk.dll
c:\windows\system32\rotscxtvencebp.dat
c:\windows\TEMP\mta104851.dll
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3084967135-3038832120-1763337499-500
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\apogotu.dll
c:\program files\Common Files\inojyx.pif
c:\program files\Common Files\wykoja.bin
c:\programdata\lumenyxisu.reg
c:\users\Jim's Laptop\AppData\Roaming\Microsoft\dtsc
c:\users\Jim's Laptop\AppData\Roaming\Microsoft\dtsc\3DStudio Max v6.0.torrent
c:\users\Jim's Laptop\AppData\Roaming\Microsoft\dtsc\s
c:\windows\haxivel.ban
c:\windows\Installer\79d58a8.msi
c:\windows\irc.txt
c:\windows\sslzdlt.dll
c:\windows\System32\11478.exe
c:\windows\System32\15724.exe
c:\windows\system32\16827.exe
c:\windows\System32\18467.exe
c:\windows\System32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\System32\26500.exe
c:\windows\System32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\System32\41.exe
c:\windows\system32\491.exe
c:\windows\System32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\afavywosyx.vbs
c:\windows\system32\aKTvyyxx.ini
c:\windows\system32\autochk.dll
c:\windows\system32\braviax.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\rotscxkoxxvels.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\hafecyc.vbs
c:\windows\system32\Install.txt
c:\windows\system32\mndisk.sys
c:\windows\system32\pqgmxofl.ini
c:\windows\system32\sdra64.exe
c:\windows\system32\tajf83ikdmf.dll
c:\windows\system32\wiawow32.sys
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wiwow64.exe
c:\windows\system32\ygsuhdf83id.dll
c:\windows\Temp\1514891511.exe
c:\windows\Temp\2116309704.exe
c:\windows\Temp\2221693127.exe
c:\windows\Temp\2412021431.exe
c:\windows\Temp\3118823047.exe
c:\windows\Temp\3307405351.exe
c:\windows\Temp\4015796967.exe
c:\windows\Temp\617959591.exe
c:\windows\Temp\702532712.exe
c:\windows\TEMP\mta45304.dll
c:\windows\ygezimiji.dl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MNDISK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_AntipPro2009_100
-------\Service_mndisk
-------\Service_rotscxqyxxxucd
-------\Service_rotscxqyxxxucd


((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 14:38 . 2009-09-16 14:41 -------- d-----w- c:\users\Jim's Laptop\AppData\Local\temp
2009-09-12 09:51 . 2009-09-12 09:51 12681 ----a-w- c:\windows\system32\kero.dat
2009-09-11 22:38 . 2009-09-11 22:54 -------- d--h--w- c:\windows\PIF
2009-09-11 20:08 . 2009-09-11 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 20:08 . 2009-09-11 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-11 19:52 . 2009-09-11 19:57 -------- d-----w- c:\program files\SpywareBlaster
2009-09-09 04:38 . 2009-09-09 04:38 40448 ----a-w- c:\windows\system32\lkod.dll
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\Malwarebytes
2009-09-08 22:09 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 22:09 . 2009-09-12 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 22:09 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\program files\Trend Micro
2009-09-08 20:00 . 2009-09-15 18:57 71168 ----a-w- c:\windows\system32\drivers\rotscxkoxxvels.sys
2009-09-08 14:55 . 2009-09-08 15:52 -------- d-----w- C:\Root
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\Activision
2009-09-08 02:10 . 2009-09-08 02:10 -------- d-----w- c:\windows\system32\xlive
2009-09-08 02:10 . 2009-09-08 02:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-08 01:49 . 2009-09-08 01:49 -------- d-----w- c:\program files\Eidos
2009-09-07 18:35 . 2009-09-07 18:35 -------- d-----w- c:\program files\THQ
2009-09-07 13:56 . 2009-09-07 18:25 -------- d-----w- c:\program files\Paradox Interactive
2009-08-20 04:20 . 2009-08-20 04:20 -------- d-----w- c:\programdata\FLEXnet
2009-08-20 04:15 . 2009-08-20 04:15 -------- d-----w- c:\programdata\ALM
2009-08-20 04:10 . 2009-08-20 04:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-20 04:06 . 2009-08-20 04:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 14:42 . 2008-09-01 21:55 -------- d-----w- c:\programdata\Google Updater
2009-09-16 14:41 . 2008-06-25 02:43 65816 ----a-w- c:\programdata\nvModes.dat
2009-09-16 14:38 . 2008-05-27 06:22 836 ----a-w- c:\windows\bthservsdp.dat
2009-09-16 12:53 . 2008-06-30 22:21 1356 ----a-w- c:\users\Jim's Laptop\AppData\Local\d3d9caps.dat
2009-09-12 09:51 . 2009-09-12 09:51 17023 ----a-w- c:\program files\Common Files\aluci._sy
2009-09-11 17:13 . 2008-11-08 23:55 -------- d-----w- c:\program files\PokerStars
2009-09-11 17:12 . 2008-06-13 17:35 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\uTorrent
2009-09-08 20:22 . 2008-05-27 06:45 -------- d-----w- c:\program files\McAfee
2009-09-08 15:52 . 2008-05-27 06:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 02:09 . 2008-07-29 13:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 02:09 . 2009-01-08 19:05 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-05 15:19 . 2008-07-29 13:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-01 11:51 . 2008-06-12 11:23 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\FileZilla
2009-08-20 04:21 . 2008-05-30 22:36 101856 ----a-w- c:\users\Jim's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 04:14 . 2008-06-24 14:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-19 11:18 . 2008-06-05 14:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-10 19:02 . 2009-08-10 19:02 -------- d-----w- c:\program files\PHP
2009-08-09 00:11 . 2009-08-09 00:11 733782 ----a-w- C:\lynx_v283.zip
2009-08-06 04:04 . 2009-07-21 18:30 -------- d-----w- c:\programdata\Microsoft Help
2009-07-30 22:11 . 2009-07-30 22:06 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\Easy Thumbnails
2009-07-30 22:06 . 2009-07-30 22:06 -------- d-----w- c:\program files\Easy Thumbnails
2009-07-21 18:32 . 2009-07-21 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-21 18:32 . 2009-07-21 18:30 -------- d-----w- c:\program files\Microsoft Expression
2009-07-20 14:34 . 2009-07-20 14:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-14 22:17 . 2009-07-14 22:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 22:17 . 2009-07-14 22:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-06-24 20:03 . 2009-07-17 17:00 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll
2009-06-20 01:06 . 2009-06-20 01:06 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-06-20 01:06 . 2009-06-20 01:06 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-06-20 01:06 . 2009-06-20 01:06 24344 ----a-w- c:\windows\system32\PhysXDevice.dll
2008-05-27 14:09 . 2008-05-27 13:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 20:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 20:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe" [2008-09-26 468472]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-12-08 96800]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-03-09 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-03-07 316672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2007-02-14 124488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-27 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-5-27 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 15:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-27 06:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3084967135-3038832120-1763337499-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CE84CBC5-F93C-46B8-9202-233E5F1EED3C}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{4D9D0324-4459-443D-BE21-15A890182068}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{CED74689-F482-4C18-A913-0DA7C1709CF6}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE230269-2C38-4DF1-B70E-E4EAB8836085}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2AE869B9-6C9B-47A1-AF04-0356A118A620}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{C6B40FF2-BBD7-47A9-A6D0-1FC7C19B0333}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{8F7D0627-D0D2-42BF-AE3C-48D7A09EBF45}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{BF0DEC8A-0265-4F42-ABA8-61307EC68AB7}"= UDP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineNetworkService.exe:TurbineNetworkService
"{B11143BF-E808-4D2B-ADFE-4D3900BC2B67}"= TCP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineNetworkService.exe:TurbineNetworkService
"{967969BB-353C-401B-A774-5C1E94301F55}"= UDP:990:LocalSubnet:LocalSubnet|IF={23F757CE-01BD-490B-9857-37CB844CE054}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{08A36910-F113-4ADC-BC48-1955C8C3086A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{94F2EC27-B2B4-4285-A85F-EBC68786409C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4078B395-D7FB-4E61-AE80-4757EC73B23F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B8031410-630E-4EDD-B42B-56C7F2D6C2D0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8B4C4D89-834D-4284-B519-691473AC2335}"= UDP:5353:Adobe CSI CS4
"{3ED057A5-A674-417B-8646-FEEDD09EBF6B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8AB875E7-7B33-4875-9D50-195C768DECD5}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9B151F95-93AF-4A44-9D0F-C0C7E5B02607}"= UDP:c:\program files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum
"{314B0B85-D9D5-4759-BA60-020532161007}"= TCP:c:\program files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum
"{2C79DE66-0987-4DF9-B167-1BF72BBCE03E}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{7E74F5C9-B6D4-443A-9752-B40AFC2263C6}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{D2C5B66C-1A8D-4729-81B9-18978EF10C0B}"= UDP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe:TurbineMessageService
"{BA45EF1E-BA96-4773-9717-7BC889FA6DC9}"= TCP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe:TurbineMessageService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"= c:\program files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux

R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [7/17/2009 12:00 PM 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [5/27/2008 1:21 AM 73728]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [3/6/2009 11:28 PM 124160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-27 19:03]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-15 15:53]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-15 15:53]

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{AB68BE68-CA4B-4671-A5F6-D884A313B9BC}.job
- c:\windows\system32\msfeedssync.exe [2008-06-05 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: evga.com\www
Trusted Zone: redlegion.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{BA603215-23F2-42AD-F4E4-00AAC39CAA53} - c:\windows\system32\ygsuhdf83id.dll
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
HKU-Default-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe
SharedTaskScheduler-{BA603215-23F2-42AD-F4E4-00AAC39CAA53} - c:\windows\system32\ygsuhdf83id.dll
ShellExecuteHooks-{24DAAFB8-B7F5-463F-88C1-D497611FC253} - c:\windows\system32\fCrrrsTK.dll
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 09:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rotscxqyxxxucd]
"imagepath"="\systemroot\system32\drivers\rotscxkoxxvels.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rotscxqyxxxucd]
@DACL=(02 0000)
"start"=dword:00000004
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\rotscxkoxxvels.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(1116)
c:\program files\SetPoint\lgscroll.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\EPSON\eEBAPI\eEBSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\MozyHome\mozybackup.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\windows\System32\wiwow64.exe
c:\windows\System32\RacAgent.exe
c:\windows\System32\lsm32.sys
.
**************************************************************************
.
Completion time: 2009-09-16 9:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 14:55

Pre-Run: 64,446,926,848 bytes free
Post-Run: 64,275,935,232 bytes free

447 --- E O F --- 2008-07-25 21:54
 
Here is the First


DDS (Ver_09-07-30.01) - NTFSx86
Run by Jim's Laptop at 10:44:23.08 on Wed 09/16/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2215 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergyc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jim's Laptop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager - preview\TurbineDownloadManagerIcon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bacstray] c:\program files\broadcom\bacs\BacsTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: evga.com\www
Trusted Zone: redlegion.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-7-17 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-27 73728]
R2 PreviewTurbineMessageService;Turbine Message Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineMessageService.exe [2008-9-29 255472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-11 1153368]
R2 Synergy Client;Synergy Client;c:\program files\synergy\synergyc.exe [2006-4-2 446464]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-3-6 124160]
S3 PreviewTurbineNetworkService;Turbine Network Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineNetworkService.exe [2008-9-29 218608]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S4 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe [2006-11-2 93696]

=============== Created Last 30 ================

2009-09-16 09:48 41,631 a------- c:\windows\system32\certstore.dat
2009-09-15 11:19 229,888 a------- c:\windows\PEV.exe
2009-09-15 11:19 161,792 a------- c:\windows\SWREG.exe
2009-09-15 11:19 98,816 a------- c:\windows\sed.exe
2009-09-12 04:51 12,681 a------- c:\windows\system32\kero.dat
2009-09-11 17:38 <DIR> --d-h--- c:\windows\PIF
2009-09-11 15:08 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-11 14:52 <DIR> a-d----- c:\programdata\TEMP
2009-09-11 14:52 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-10 07:46 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2009-09-08 23:38 40,448 a------- c:\windows\system32\lkod.dll
2009-09-08 23:38 320 a------- c:\windows\system32\jlksf
2009-09-08 17:09 <DIR> --d----- c:\users\jim'sl~1\appdata\roaming\Malwarebytes
2009-09-08 17:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 17:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:09 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 17:09 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 15:00 71,168 a------- c:\windows\system32\drivers\rotscxkoxxvels.sys
2009-09-08 09:55 <DIR> --d----- C:\Root
2009-09-08 09:55 <DIR> --d----- c:\program files\Activision
2009-09-07 21:10 <DIR> --d----- c:\windows\system32\xlive
2009-09-07 21:10 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-07 20:49 <DIR> --d----- c:\program files\Eidos
2009-09-07 13:35 <DIR> --d----- c:\program files\THQ
2009-09-07 08:56 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-19 23:20 <DIR> --d----- c:\programdata\FLEXnet
2009-08-19 23:15 <DIR> --d----- c:\programdata\ALM
2009-08-19 23:15 <DIR> --d----- c:\progra~2\ALM
2009-08-19 23:06 <DIR> --d----- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-09-16 10:39 65,816 a------- c:\programdata\nvModes.dat
2009-09-16 10:39 65,816 a------- c:\progra~2\nvModes.dat
2009-09-12 04:51 17,023 a------- c:\program files\common files\aluci._sy
2009-08-08 19:11 733,782 a------- C:\lynx_v283.zip
2009-07-20 09:34 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2009-06-19 20:06 24,344 a------- c:\windows\system32\PhysXDevice.dll
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstor.dat
2009-06-08 06:56 86,016 a------- c:\windows\inf\infpub.dat
2008-06-11 06:40 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-04 21:34 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:45:00.51 ===============
 
And the Attach File


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/27/2008 1:23:24 AM
System Uptime: 9/16/2009 10:03:08 AM (0 hours ago)

Motherboard: Dell Inc. | | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 59.688 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.543 GiB free.
E: is CDROM ()
F: is CDROM ()
Y: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

==== System Restore Points ===================

RP534: 9/15/2009 1:39:47 PM - ComboFix created restore point

==== Installed Programs ======================

7-Zip 4.57
AC3Filter (remove only)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Banctec Service Agreement
Batman: Arkham Asylum
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Butler Advantage XE 6.3
CDDRV_Installer
Company of Heroes
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
Easy Thumbnails (Remove only)
EDocs
EPSON Artisan 800 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ffdshow [rev 1685] [2007-12-06]
FileZilla Client 3.1.0.1
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
Haali Media Splitter
HijackThis 2.0.2
HTC Touch Pro™ User Guide
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) SE Runtime Environment 6
KhalSetup
kuler
LightScribe System Software 1.10.16.1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Managed DirectX (1126)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
MozyHome Remote Backup
mPfMgr
Music, Photos & Videos Launcher
mWMI
Nero 8 Essentials
neroxml
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OutlookAddinSetup
PDF Settings CS4
Photoshop Camera Raw
PHP 5.3.0
Picasa 3
Product Documentation Launcher
Prototype(TM)
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SetPoint
Sprint SmartView
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Synergy
System Requirements Lab
The Lord of the Rings - Conquest™
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
The Rosetta Stone
TotalAudioConverter
Turbine Download Manager - Preview 1.0.3191.15414
VCRedistSetup
Ventrilo Client
VideoLAN VLC media player 0.8.6f
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR

==== Event Viewer Messages From Past Week ========

9/9/2009 8:26:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
9/9/2009 8:26:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/9/2009 7:51:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
9/9/2009 2:43:34 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3B889927. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/9/2009 2:37:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/9/2009 2:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mozyFilter SASDIFSV SASKUTIL spldr Wanarpv6
9/9/2009 2:35:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2009 2:35:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/9/2009 2:35:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/9/2009 2:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/9/2009 2:35:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2009 2:35:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
9/9/2009 2:35:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/9/2009 2:34:54 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
9/9/2009 2:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/9/2009 2:34:38 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:52 PM on 9/9/2009 was unexpected.
9/9/2009 2:30:44 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was The remote procedure call failed. .
9/9/2009 2:30:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/16/2009 9:31:50 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/16/2009 9:29:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
9/16/2009 9:29:42 AM, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/16/2009 9:28:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
9/16/2009 9:28:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee SystemGuards service to connect.
9/16/2009 9:28:12 AM, Error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/15/2009 6:11:10 AM, Error: EventLog [6008] - The previous system shutdown at 6:09:27 AM on 9/15/2009 was unexpected.
9/15/2009 2:03:46 PM, Error: EventLog [6008] - The previous system shutdown at 2:01:49 PM on 9/15/2009 was unexpected.
9/15/2009 2:01:49 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:24 PM on 9/15/2009 was unexpected.
9/15/2009 1:51:23 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:51:23 PM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/15/2009 1:43:29 PM, Error: Service Control Manager [7034] - The Synergy Client service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:40:26 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:24:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/15/2009 1:24:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/14/2009 7:47:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/11/2009 3:37:38 PM, Error: EventLog [6008] - The previous system shutdown at 3:35:07 PM on 9/11/2009 was unexpected.
9/11/2009 3:01:58 PM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
9/11/2009 3:01:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
9/11/2009 2:48:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/11/2009 2:42:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:39:50 PM on 9/11/2009 was unexpected.
9/11/2009 12:14:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/10/2009 5:01:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001F3B889927 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/10/2009 3:43:09 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3B889927. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/10/2009 3:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?p=336588#post336588
Driver::
rotscxqyxxxucd
Collect::
c:\windows\system32\kero.dat
c:\windows\system32\lkod.dll
c:\windows\system32\jlksf
c:\windows\system32\drivers\rotscxkoxxvels.sys
c:\program files\Common Files\aluci._sy
Folder::
c:\users\Jim's Laptop\AppData\Roaming\uTorrent
c:\program files\uTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6B40FF2-BBD7-47A9-A6D0-1FC7C19B0333}"=-
"{8F7D0627-D0D2-42BF-AE3C-48D7A09EBF45}"=-


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. You'll be asked to submit some samples.
Then post the resultant log.



Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix log.
 
Hi,

Here is the log file, and I am doing everything else now.

ComboFix 09-09-14.02 - Jim's Laptop 09/16/2009 11:41.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2223 [GMT -5:00]
Running from: c:\users\Jim's Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim's Laptop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


file zipped: c:\program files\Common Files\aluci._sy
file zipped: c:\windows\system32\drivers\rotscxkoxxvels.sys
file zipped: c:\windows\system32\jlksf
file zipped: c:\windows\system32\kero.dat
file zipped: c:\windows\system32\lkod.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\aluci._sy
c:\users\Jim's Laptop\AppData\Roaming\uTorrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\2nd season.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Adobe Illustrator CS4 [CLEAN] [blaze69].7z.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Areeya's World - Double Dildo - HD.wmv.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Ass Toyed Shemales - Adriana Rodrigues & Chelsiea.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\AutoCAD 2009(VF).torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\AutoCAD 2009.iso.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Batman.Arkham.Asylum.READNFO.Direct2Drive-TL.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Battlestar Galactica.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Bionic Woman - Season 1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Blood ties season 2.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Boston legal season 2.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Boston.Legal.Season.1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Britney Spears - All Music Videos.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Britney Spears Sex Tape BRAND NEW XXX.wmv.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Bruce Springsteen-Tunnel of Love-1987-kl.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Bruce Springsteen-Tunnel of Love(Darkside_RG).1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Bruce Springsteen - 1987 - Tunnel Of Love.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Bruce Springsteen - Tunnel Of Love (MP3@320Kbps) H33T.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Cathouse Season 2.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Cathouse.Season1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Chess for Dummies.iso.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Damages.S01.Complete.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Dark Angel.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\dht.dat
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Diamond TV 2.1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Duke Nukem 3D - xxthugxx.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\eminem.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Erin Andrews ESPN nude.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Eureka.S01.DVDRip.XviD-TOPAZ.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Eureka.S02.DVDRip_XviD-FoV.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Extras.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E01.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E02.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E03.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E04.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E05.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E06.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Generation.Kill.S01E07.HDTV.XviD-0TV.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Heroes S1 - S3 full 3 season collection.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Heroes Season 2 HDTV XviD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Hollow Man.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\House MD Season 1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Jericho - Season 2 - Complete.1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Jericho - Season 2 - Complete.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Jericho Season1 (XviD asd) EnglishV+NapisyPL.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Kamikaze.Girls.Vol.58-tna.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Keeley Hazell Full Sextape.wmv.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Kid Rock-Rock And Roll Jesus.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Kid Rock - All Summer Long [ipod touch - iphone].mp4.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\KILL SWITCH [ENG] (NAMCO).torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\LadyBoy69 - Bambi - Totally Adorable - HD.wmv.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Long Mint - School Teacher - HD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Long Mint - Sex Slave - HD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Lynyrd Skynyrd - Simple Man.mp3.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Maria Ozawa & Asahi Miura - W Cast Premium Lesbian.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Mass.Effect-DETONATiON.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Men in Trees S01- E01 - E17.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Mother's Milk of Wife - Misa and Ran [1h59m34s 640x480 DivX52+MP3].avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\nathcapricavalli_large.mpg.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\NATIONAL LAMPOONS DORM DAZE 2[2006][ENG][AC3 5.1][DVDRip]-FLAWL3SS.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\nbwjennilee_large.mpg.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\noariannaarmani_large.mpg.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Open.Water.2.Adrift.RETAIL.DVDRip.XviD-OGTXViD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Panzer Command Kharkov [PC][English][www.newpct.com].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Perfect_World_International.exe.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Power AMR MP3 WAV WMA M4A AC3 Audio Converter.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\PowerISO.v4.1.Incl.Keymaker-AGAiN.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\PRECRAcked-WinRAR.3.71.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Private Love Story.ISO.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Project Gotham Racing 3D - xxThugxx.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Prototype-Razor1911.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Psych S01 Season 1 Complete English.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Psych S02 Season 2 Complete English DVD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Quake Mobile v1.20 - xxthugxx.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Reaper.S01.HDTV.XviD-hibocbii.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Reaper.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Red School Girls Free for all.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\resume.dat
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Rise.[Blood.Hunter].2007.DvDRip.Eng-FxM.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Rosetta Stone Compressed.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Rosetta Stone Spanish - Latin America Level 1-2 [h33t PC CD IMAGE].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\ROSETTADVD.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\rss.dat
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\RTL.Winter.Sports.2009.EUR.[CienPorCienGames.com].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Scrubs - Season 1 - High Quality - Dvd Rip + Extras.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Scrubs - Season 2 - High Quality - Dvd Rip + Extras.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Scrubs Season 3.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\sd4hide11-skl.rar.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Season 02.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Season 1.1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Season 1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\season3.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Secret.Diary.Of.A.Call.Girl.S01.WS.DVDRip.XviD-RiVER.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\settings.dat
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Shinedown - Leave A Whisper [The Raven].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Sins Of A Solar Empire ISO.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Sports.Illustrated.Swimsuit.2008.720p.AC3.HDTV.XviD-Mc5.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Swat 4 Gold Edition [FULL] + Crack.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Terminator - The Sarah Connor Chronicles season 2.1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Terminator - The Sarah Connor Chronicles season 2.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01.COMPLETE.VOSTFR.HDTV.XviD-PM4.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Life of David Gale.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Rosetta Stone - Spanish - Level I+II.ISO.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Shield [seasons 1 - 5].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Wire - season 3 complete.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Wire - Season 4.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The Wire - Season 5.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The.L.Word.Season 3 complete LOL.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The.Wire.S05E04.DIRFIX.REPACK.PDTV.XviD-2HD.avi.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\The_Lord_Of_The_Rings_Conquest-Razor1911.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Total Audio Converter 2.6 With Serial.rar.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\utorrent-help.zip
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\utorrent.chm
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Veronica Mars Season 1.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Veronica Mars Season 2.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Veronica Mars season 3.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Veronica.Mars.T2.[DVDRip].[www.tensiontorrent.com].torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\VIDEOOT-TIENERSEXFILMS.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Wargames.The.Dead.Code.[2008.Eng].DVDRip.DivX-LTT.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\WhiteTeensBlackCocks - Henessy.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\wild_party_girls_41-tna.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\WinRAR 3.71 Final FULL Extreme Edition (Pre-PATCHED - TESTED!) ~ WORKS 100%.torrent
c:\users\Jim's Laptop\AppData\Roaming\uTorrent\Wolfenstein 3D - xxthugxx.torrent
c:\windows\Install.txt
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\rotscxkoxxvels.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\jlksf
c:\windows\system32\kero.dat
c:\windows\system32\lkod.dll
c:\windows\system32\wiwow64.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxqyxxxucd
-------\Service_rotscxqyxxxucd


((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 16:52 . 2009-09-16 16:55 -------- d-----w- c:\users\Jim's Laptop\AppData\Local\temp
2009-09-16 16:52 . 2009-09-16 16:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-16 16:52 . 2009-09-16 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 22:38 . 2009-09-11 22:54 -------- d--h--w- c:\windows\PIF
2009-09-11 20:08 . 2009-09-11 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 20:08 . 2009-09-11 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-11 19:52 . 2009-09-11 19:57 -------- d-----w- c:\program files\SpywareBlaster
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\Malwarebytes
2009-09-08 22:09 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 22:09 . 2009-09-12 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 22:09 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\program files\Trend Micro
2009-09-08 14:55 . 2009-09-08 15:52 -------- d-----w- C:\Root
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\Activision
2009-09-08 02:10 . 2009-09-08 02:10 -------- d-----w- c:\windows\system32\xlive
2009-09-08 02:10 . 2009-09-08 02:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-08 01:49 . 2009-09-08 01:49 -------- d-----w- c:\program files\Eidos
2009-09-07 18:35 . 2009-09-07 18:35 -------- d-----w- c:\program files\THQ
2009-09-07 13:56 . 2009-09-07 18:25 -------- d-----w- c:\program files\Paradox Interactive
2009-08-20 04:20 . 2009-08-20 04:20 -------- d-----w- c:\programdata\FLEXnet
2009-08-20 04:15 . 2009-08-20 04:15 -------- d-----w- c:\programdata\ALM
2009-08-20 04:10 . 2009-08-20 04:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-20 04:06 . 2009-08-20 04:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 16:53 . 2008-05-27 06:22 836 ----a-w- c:\windows\bthservsdp.dat
2009-09-16 15:48 . 2008-06-25 02:43 65816 ----a-w- c:\programdata\nvModes.dat
2009-09-16 14:42 . 2008-09-01 21:55 -------- d-----w- c:\programdata\Google Updater
2009-09-16 12:53 . 2008-06-30 22:21 1356 ----a-w- c:\users\Jim's Laptop\AppData\Local\d3d9caps.dat
2009-09-11 17:13 . 2008-11-08 23:55 -------- d-----w- c:\program files\PokerStars
2009-09-08 20:22 . 2008-05-27 06:45 -------- d-----w- c:\program files\McAfee
2009-09-08 15:52 . 2008-05-27 06:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 02:09 . 2008-07-29 13:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 02:09 . 2009-01-08 19:05 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-05 15:19 . 2008-07-29 13:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-01 11:51 . 2008-06-12 11:23 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\FileZilla
2009-08-20 04:21 . 2008-05-30 22:36 101856 ----a-w- c:\users\Jim's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 04:14 . 2008-06-24 14:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-19 11:18 . 2008-06-05 14:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-10 19:02 . 2009-08-10 19:02 -------- d-----w- c:\program files\PHP
2009-08-09 00:11 . 2009-08-09 00:11 733782 ----a-w- C:\lynx_v283.zip
2009-08-06 04:04 . 2009-07-21 18:30 -------- d-----w- c:\programdata\Microsoft Help
2009-07-30 22:11 . 2009-07-30 22:06 -------- d-----w- c:\users\Jim's Laptop\AppData\Roaming\Easy Thumbnails
2009-07-30 22:06 . 2009-07-30 22:06 -------- d-----w- c:\program files\Easy Thumbnails
2009-07-21 18:32 . 2009-07-21 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-21 18:32 . 2009-07-21 18:30 -------- d-----w- c:\program files\Microsoft Expression
2009-07-20 14:34 . 2009-07-20 14:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-14 22:17 . 2009-07-14 22:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 22:17 . 2009-07-14 22:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-06-24 20:03 . 2009-07-17 17:00 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll
2009-06-20 01:06 . 2009-06-20 01:06 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll
2009-06-20 01:06 . 2009-06-20 01:06 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-06-20 01:06 . 2009-06-20 01:06 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-06-20 01:06 . 2009-06-20 01:06 24344 ----a-w- c:\windows\system32\PhysXDevice.dll
2008-05-27 14:09 . 2008-05-27 13:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-16_14.41.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 06:32 . 2009-09-16 15:05 57624 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-16 15:05 88954 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 00:52 . 2009-09-16 15:05 10562 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3084967135-3038832120-1763337499-1000_UserData.bin
+ 2006-11-02 09:46 . 2006-11-02 09:46 93696 c:\windows\System32\sofatnet.exe
+ 2006-11-02 09:46 . 2006-11-02 09:46 40960 c:\windows\System32\lsm32.sys
+ 2006-11-02 09:46 . 2006-11-02 09:46 46592 c:\windows\System32\EvdoServer.dll
+ 2008-05-30 22:32 . 2009-09-16 16:54 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-30 22:32 . 2009-09-16 14:41 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 10:33 . 2009-09-16 14:33 634976 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-16 15:40 634976 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-16 14:33 113246 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-16 15:40 113246 c:\windows\System32\perfc009.dat
+ 2009-09-16 14:42 . 2009-09-16 14:42 131584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKO55PDR\w[2].bin
+ 2008-05-30 22:32 . 2009-09-16 16:54 376832 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-30 22:32 . 2009-09-16 14:41 376832 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-30 22:32 . 2009-09-16 14:41 2654208 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 22:32 . 2009-09-16 16:54 2654208 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 20:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 20:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe" [2008-09-26 468472]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-12-08 96800]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-03-09 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-03-07 316672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2007-02-14 124488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-27 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-5-27 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 15:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-27 06:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3084967135-3038832120-1763337499-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CE84CBC5-F93C-46B8-9202-233E5F1EED3C}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{4D9D0324-4459-443D-BE21-15A890182068}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{CED74689-F482-4C18-A913-0DA7C1709CF6}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE230269-2C38-4DF1-B70E-E4EAB8836085}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2AE869B9-6C9B-47A1-AF04-0356A118A620}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{BF0DEC8A-0265-4F42-ABA8-61307EC68AB7}"= UDP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineNetworkService.exe:TurbineNetworkService
"{B11143BF-E808-4D2B-ADFE-4D3900BC2B67}"= TCP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineNetworkService.exe:TurbineNetworkService
"{967969BB-353C-401B-A774-5C1E94301F55}"= UDP:990:LocalSubnet:LocalSubnet|IF={23F757CE-01BD-490B-9857-37CB844CE054}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{08A36910-F113-4ADC-BC48-1955C8C3086A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{94F2EC27-B2B4-4285-A85F-EBC68786409C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4078B395-D7FB-4E61-AE80-4757EC73B23F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B8031410-630E-4EDD-B42B-56C7F2D6C2D0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8B4C4D89-834D-4284-B519-691473AC2335}"= UDP:5353:Adobe CSI CS4
"{3ED057A5-A674-417B-8646-FEEDD09EBF6B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8AB875E7-7B33-4875-9D50-195C768DECD5}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9B151F95-93AF-4A44-9D0F-C0C7E5B02607}"= UDP:c:\program files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum
"{314B0B85-D9D5-4759-BA60-020532161007}"= TCP:c:\program files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:Batman: Arkham Asylum
"{2C79DE66-0987-4DF9-B167-1BF72BBCE03E}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{7E74F5C9-B6D4-443A-9752-B40AFC2263C6}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{07AA713F-452C-4126-B557-A07965FE98E0}"= UDP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe:TurbineMessageService
"{71442164-2461-4930-9D87-ED9244E540F9}"= TCP:c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe:TurbineMessageService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"= c:\program files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux

R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [7/17/2009 12:00 PM 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [5/27/2008 1:21 AM 73728]
R2 PreviewTurbineMessageService;Turbine Message Service - Preview;c:\program files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe [9/29/2008 6:01 PM 255472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/11/2009 3:08 PM 1153368]
S2 Synergy Client;Synergy Client;c:\program files\Synergy\synergyc.exe [4/2/2006 3:19 PM 446464]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [3/6/2009 11:28 PM 124160]
S3 PreviewTurbineNetworkService;Turbine Network Service - Preview;c:\program files\Turbine\Turbine Download Manager - Preview\TurbineNetworkService.exe [9/29/2008 6:01 PM 218608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
S4 sofatnet;sofatnet Service;c:\windows\System32\sofatnet.exe [11/2/2006 4:46 AM 93696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-27 19:03]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-15 15:53]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-15 15:53]

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{AB68BE68-CA4B-4671-A5F6-D884A313B9BC}.job
- c:\windows\system32\msfeedssync.exe [2008-06-05 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: evga.com\www
Trusted Zone: redlegion.com\www
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(604)
c:\program files\SetPoint\lgscroll.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\EPSON\eEBAPI\eEBSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\MozyHome\mozybackup.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\UI0Detect.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-16 12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 17:01
ComboFix2.txt 2009-09-16 14:57

Pre-Run: 64,045,273,088 bytes free
Post-Run: 63,898,939,392 bytes free

494 --- E O F --- 2008-07-25 21:54
Upload was successful
 
KAS File

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 16, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 16, 2009 23:53:53
Records in database: 2836457
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
Y:\

Scan statistics:
Objects scanned: 184749
Threats found: 9
Infected objects found: 16
Suspicious objects found: 0
Scan duration: 03:14:35


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir Infected: Trojan.Win32.Vilsel.cnb 1
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\Uninstall.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fmm 1
C:\Qoobox\Quarantine\C\Windows\System32\autochk.dll.vir Infected: Trojan.Win32.Scar.ef 1
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\protect.dll.vir Infected: Trojan.Win32.Scar.ef 1
C:\Qoobox\Quarantine\C\Windows\System32\drivers\rotscxkoxxvels.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_rotscxkoxxvels_.sys.zip Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\rotscxnwvwpvgt.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\rotscxpxuesfcq.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\rotscxqpooewnk.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\Windows\System32\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.aauk 1
C:\Qoobox\Quarantine\C\Windows\System32\tajf83ikdmf.dll.vir Infected: Trojan-Downloader.Win32.Agent.cpql 1
C:\Qoobox\Quarantine\C\Windows\System32\winupdate.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fms 1
C:\Qoobox\Quarantine\C\Windows\System32\wisdstr.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fmm 1
C:\Qoobox\Quarantine\[4]-Submit_2009-09-16_11.40.57.zip Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\[4]-Submit_2009-09-16_11.40.57.zip Infected: Trojan-Spy.Win32.Amber.cu 1
C:\Users\Jim's Laptop\Documents\Downloads\Chess for Dummies.iso Infected: Trojan-Dropper.Win32.VB.bix 1

Selected area has been scanned.
 
DDS File


DDS (Ver_09-07-30.01) - NTFSx86
Run by Jim's Laptop at 20:57:55.72 on Wed 09/16/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2027 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergyc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Jim's Laptop\AppData\Local\temp\jkos-Jim's Laptop\binaries\ScanningProcess.exe
C:\Users\Jim's Laptop\AppData\Local\temp\jkos-Jim's Laptop\binaries\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jim's Laptop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager - preview\TurbineDownloadManagerIcon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bacstray] c:\program files\broadcom\bacs\BacsTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: evga.com\www
Trusted Zone: redlegion.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-7-17 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-27 73728]
R2 PreviewTurbineMessageService;Turbine Message Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineMessageService.exe [2008-9-29 255472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-11 1153368]
R2 Synergy Client;Synergy Client;c:\program files\synergy\synergyc.exe [2006-4-2 446464]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-3-6 124160]
S3 PreviewTurbineNetworkService;Turbine Network Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineNetworkService.exe [2008-9-29 218608]
S4 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe [2006-11-2 93696]

=============== Created Last 30 ================

2009-09-16 15:22 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-16 14:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-16 14:36 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-16 14:36 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-16 14:36 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-16 12:03 41,631 a------- c:\windows\system32\certstore.dat
2009-09-15 11:19 229,888 a------- c:\windows\PEV.exe
2009-09-15 11:19 161,792 a------- c:\windows\SWREG.exe
2009-09-15 11:19 98,816 a------- c:\windows\sed.exe
2009-09-11 17:38 <DIR> --d-h--- c:\windows\PIF
2009-09-11 15:08 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-11 14:52 <DIR> a-d----- c:\programdata\TEMP
2009-09-11 14:52 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-10 07:46 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2009-09-08 17:09 <DIR> --d----- c:\users\jim'sl~1\appdata\roaming\Malwarebytes
2009-09-08 17:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 17:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:09 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 17:09 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 09:55 <DIR> --d----- C:\Root
2009-09-08 09:55 <DIR> --d----- c:\program files\Activision
2009-09-07 21:10 <DIR> --d----- c:\windows\system32\xlive
2009-09-07 21:10 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-07 20:49 <DIR> --d----- c:\program files\Eidos
2009-09-07 13:35 <DIR> --d----- c:\program files\THQ
2009-09-07 08:56 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-19 23:20 <DIR> --d----- c:\programdata\FLEXnet
2009-08-19 23:15 <DIR> --d----- c:\programdata\ALM
2009-08-19 23:15 <DIR> --d----- c:\progra~2\ALM
2009-08-19 23:06 <DIR> --d----- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-09-16 19:29 65,816 a------- c:\programdata\nvModes.dat
2009-09-16 19:29 65,816 a------- c:\progra~2\nvModes.dat
2009-08-08 19:11 733,782 a------- C:\lynx_v283.zip
2009-07-20 09:34 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2009-06-19 20:06 24,344 a------- c:\windows\system32\PhysXDevice.dll
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstor.dat
2009-06-08 06:56 86,016 a------- c:\windows\inf\infpub.dat
2008-06-11 06:40 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-04 21:34 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:58:33.05 ===============
 
Attach File


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/27/2008 1:23:24 AM
System Uptime: 9/16/2009 2:38:26 PM (6 hours ago)

Motherboard: Dell Inc. | | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 47.799 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.543 GiB free.
E: is CDROM ()
F: is CDROM ()
Y: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

==== System Restore Points ===================

RP534: 9/15/2009 1:39:47 PM - ComboFix created restore point
RP536: 9/16/2009 1:44:20 PM - Scheduled Checkpoint
RP538: 9/16/2009 2:35:59 PM - Windows Update
RP540: 9/16/2009 3:16:58 PM - Removed Java(TM) SE Runtime Environment 6
RP542: 9/16/2009 3:18:42 PM - Removed SUPERAntiSpyware Professional
RP544: 9/16/2009 3:21:56 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

7-Zip 4.57
AC3Filter (remove only)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Banctec Service Agreement
Batman: Arkham Asylum
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Butler Advantage XE 6.3
CDDRV_Installer
Company of Heroes
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
Easy Thumbnails (Remove only)
EDocs
EPSON Artisan 800 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ffdshow [rev 1685] [2007-12-06]
FileZilla Client 3.1.0.1
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
Haali Media Splitter
HijackThis 2.0.2
HTC Touch Pro™ User Guide
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 16
KhalSetup
kuler
LightScribe System Software 1.10.16.1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Managed DirectX (1126)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
MozyHome Remote Backup
mPfMgr
Music, Photos & Videos Launcher
mWMI
Nero 8 Essentials
neroxml
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OutlookAddinSetup
PDF Settings CS4
Photoshop Camera Raw
PHP 5.3.0
Picasa 3
Product Documentation Launcher
Prototype(TM)
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SetPoint
Sprint SmartView
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
Synergy
System Requirements Lab
The Lord of the Rings - Conquest™
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
The Rosetta Stone
TotalAudioConverter
Turbine Download Manager - Preview 1.0.3191.15414
VCRedistSetup
Ventrilo Client
VideoLAN VLC media player 0.8.6f
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR

==== Event Viewer Messages From Past Week ========

9/9/2009 8:26:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
9/9/2009 8:26:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/9/2009 7:51:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
9/9/2009 2:43:34 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3B889927. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/9/2009 2:37:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/9/2009 2:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mozyFilter SASDIFSV SASKUTIL spldr Wanarpv6
9/9/2009 2:35:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2009 2:35:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/9/2009 2:35:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/9/2009 2:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/9/2009 2:35:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2009 2:35:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
9/9/2009 2:35:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/9/2009 2:34:54 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
9/9/2009 2:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/9/2009 2:34:38 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:52 PM on 9/9/2009 was unexpected.
9/9/2009 2:30:44 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was The remote procedure call failed. .
9/9/2009 2:30:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/15/2009 6:11:10 AM, Error: EventLog [6008] - The previous system shutdown at 6:09:27 AM on 9/15/2009 was unexpected.
9/15/2009 2:03:46 PM, Error: EventLog [6008] - The previous system shutdown at 2:01:49 PM on 9/15/2009 was unexpected.
9/15/2009 2:01:49 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:24 PM on 9/15/2009 was unexpected.
9/15/2009 1:51:23 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:51:23 PM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/15/2009 1:43:29 PM, Error: Service Control Manager [7034] - The Synergy Client service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:40:26 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 1:24:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/15/2009 1:24:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/14/2009 7:47:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/11/2009 3:37:38 PM, Error: EventLog [6008] - The previous system shutdown at 3:35:07 PM on 9/11/2009 was unexpected.
9/11/2009 3:01:58 PM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
9/11/2009 3:01:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
9/11/2009 2:48:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/11/2009 2:42:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:39:50 PM on 9/11/2009 was unexpected.
9/11/2009 12:14:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/10/2009 5:01:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001F3B889927 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/10/2009 3:43:09 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3B889927. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/10/2009 3:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================
 
Hi,

Please update Malwarebytes' Anti-Malware definitions and run a full scan with it. Post back its report.

Also, delete C:\Users\Jim's Laptop\Documents\Downloads\Chess for Dummies.iso file unless you're sure about its origin.
 
Here is the log. Malwarebytes is asking to remove files; should I?

Malwarebytes' Anti-Malware 1.41
Database version: 2815
Windows 6.0.6001 Service Pack 1

9/17/2009 10:42:22 AM
mbam-log-2009-09-17 (10-42-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278988
Time elapsed: 1 hour(s), 35 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Trojan.Ambler) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Trojan.Ambler) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Trojan.Ambler) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Trojan.Ambler) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Trojan.Ambler) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Trojan.Ambler) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Rogue.Installer) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir (Rogue.AntivirusPro) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\Uninstall.exe.vir (Rogue.AntivirusPro) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\wscui.cpl.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\autochk.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\rotscxpxuesfcq.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\rotscxqpooewnk.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\winupdate.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\wisdstr.exe.vir (Rogue.AntivirusPro) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\wiwow64.exe.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\protect.dll.vir (Trojan.Agent) -> No action taken.
C:\Windows\System32\sofatnet.exe (Backdoor.Bot) -> No action taken.
C:\Windows\System32\EvdoServer.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKO55PDR\w[1].bin (Backdoor.Bot) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKO55PDR\w[2].bin (Backdoor.Bot) -> No action taken.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
C:\Users\Jim's Laptop\Desktop\sVCHost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
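The two logs above are worth reading together: the S4 (disabled) "sofatnet" service in the DDS SERVICES / DRIVERS list is the same item Malwarebytes flags as Backdoor.Bot, under three control sets plus the binary in System32. The following is an added example, not code from the thread or from any of the tools named in it, that parses both formats and cross-references them, and also diffs a first report against a re-scan to list items that survived removal (a file that is locked, in use, or re-dropped by a still-running component). All sample lines are constructed excerpts in the same layout as the posted logs; the regexes and the `persisting` / `cross_reference` helpers are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the DDS "SERVICES / DRIVERS" layout:
#   <R|S><start type> <name>;<display name>;<path> [<date> <size>]
DDS_SERVICES = """\
R1 mozyFilter;mozyFilter;c:\\windows\\system32\\drivers\\mozy.sys [2009-7-17 54776]
R2 SBSDWSCService;SBSD Security Center Service;c:\\program files\\spybot - search & destroy\\SDWinSec.exe [2009-9-11 1153368]
S3 CASprint;Sprint Con App Svc;c:\\program files\\sprint\\sprint smartview\\ConAppsSvc.exe [2009-3-6 124160]
S4 sofatnet;sofatnet Service;c:\\windows\\system32\\sofatnet.exe [2006-11-2 93696]
"""

# Constructed excerpts in the Malwarebytes report layout: a first scan and a re-scan.
MBAM_BEFORE = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sofatnet (Backdoor.Bot) -> No action taken.

Files Infected:
C:\\Windows\\System32\\sofatnet.exe (Backdoor.Bot) -> No action taken.
C:\\Windows\\System32\\certstore.dat (Trojan.Agent) -> No action taken.
"""
MBAM_AFTER = """\
Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\\Windows\\System32\\certstore.dat (Trojan.Agent) -> No action taken.
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

# DDS start-type digit: R = running, S = stopped; the digit is the SCM start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass(frozen=True)
class Service:
    running: bool
    start_type: str
    name: str
    display: str
    path: str      # lower-cased so it compares against MBAM paths
    date: str
    size: int


def parse_dds_services(text):
    """Parse DDS service/driver lines into Service records; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(m["state"] == "R", START_TYPES[m["start"]], m["name"],
                               m["display"], m["path"].lower(), m["date"], int(m["size"])))
    return out


def parse_mbam_detections(text):
    """Return {item (lower-cased path or registry key): threat name} for each detection line.
    Section headers and '(No malicious items detected)' do not match the pattern."""
    found = {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found[m["item"].lower()] = m["threat"]
    return found


def persisting(before, after):
    """Detections present in both reports: removal did not take and needs a different approach."""
    b, a = parse_mbam_detections(before), parse_mbam_detections(after)
    return {item: threat for item, threat in a.items() if item in b}


def cross_reference(services, detections):
    """DDS services whose binary path, or whose Services\\<name> registry key, MBAM flagged."""
    hits = []
    for svc in services:
        for item, threat in detections.items():
            if item == svc.path or item.endswith("\\services\\" + svc.name.lower()):
                hits.append((svc.name, threat))
                break
    return hits


if __name__ == "__main__":
    svcs = parse_dds_services(DDS_SERVICES)
    for name, threat in cross_reference(svcs, parse_mbam_detections(MBAM_BEFORE)):
        print(f"service {name!r} matches MBAM detection {threat}")
    for item, threat in persisting(MBAM_BEFORE, MBAM_AFTER).items():
        print(f"still present after removal: {item} ({threat})")
```

Matching on the lower-cased path plus the `\services\<name>` key suffix is what lets a registry hit under any control set (ControlSet003, ControlSet004, CurrentControlSet) line up with the single DDS service line; the start type tells you whether the service was actually active at scan time or merely registered.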
 
Yes, let it remove all findings. Then post new report & fresh dds.txt log.
 
New log after deletion

Malwarebytes' Anti-Malware 1.41
Database version: 2815
Windows 6.0.6001 Service Pack 1

9/17/2009 12:57:02 PM
mbam-log-2009-09-17 (12-56-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278856
Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
 
DDS File


DDS (Ver_09-07-30.01) - NTFSx86
Run by Jim's Laptop at 13:06:13.26 on Thu 09/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2377 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineMessageService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SDistTest\SDistTestSvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jim's Laptop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager - preview\TurbineDownloadManagerIcon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bacstray] c:\program files\broadcom\bacs\BacsTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: evga.com\www
Trusted Zone: redlegion.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-7-17 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-27 73728]
R2 PreviewTurbineMessageService;Turbine Message Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineMessageService.exe [2008-9-29 255472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-11 1153368]
R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\sdisttest\SDistTestSvc.exe [2009-9-17 907680]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-3-6 124160]
S3 PreviewTurbineNetworkService;Turbine Network Service - Preview;c:\program files\turbine\turbine download manager - preview\TurbineNetworkService.exe [2008-9-29 218608]

=============== Created Last 30 ================

2009-09-17 07:51 <DIR> --d----- c:\program files\SDistTest
2009-09-16 15:22 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-16 14:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-16 14:36 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-16 14:36 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-16 14:36 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-15 11:19 229,888 a------- c:\windows\PEV.exe
2009-09-15 11:19 161,792 a------- c:\windows\SWREG.exe
2009-09-15 11:19 98,816 a------- c:\windows\sed.exe
2009-09-11 17:38 <DIR> --d-h--- c:\windows\PIF
2009-09-11 15:08 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-11 15:08 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-11 14:52 <DIR> a-d----- c:\programdata\TEMP
2009-09-11 14:52 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-10 07:46 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2009-09-08 17:09 <DIR> --d----- c:\users\jim'sl~1\appdata\roaming\Malwarebytes
2009-09-08 17:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 17:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:09 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 17:09 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-08 17:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 09:55 <DIR> --d----- C:\Root
2009-09-08 09:55 <DIR> --d----- c:\program files\Activision
2009-09-07 21:10 <DIR> --d----- c:\windows\system32\xlive
2009-09-07 21:10 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-07 20:49 <DIR> --d----- c:\program files\Eidos
2009-09-07 08:56 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-19 23:20 <DIR> --d----- c:\programdata\FLEXnet
2009-08-19 23:15 <DIR> --d----- c:\programdata\ALM
2009-08-19 23:15 <DIR> --d----- c:\progra~2\ALM
2009-08-19 23:06 <DIR> --d----- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-09-17 13:04 65,816 a------- c:\programdata\nvModes.dat
2009-09-17 13:04 65,816 a------- c:\progra~2\nvModes.dat
2009-08-08 19:11 733,782 a------- C:\lynx_v283.zip
2009-07-20 09:34 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2009-06-19 20:06 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2009-06-19 20:06 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2009-06-19 20:06 24,344 a------- c:\windows\system32\PhysXDevice.dll
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 06:56 143,360 a------- c:\windows\inf\infstor.dat
2009-06-08 06:56 86,016 a------- c:\windows\inf\infpub.dat
2008-06-11 06:40 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-04 21:34 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:06:50.80 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/27/2008 1:23:24 AM
System Uptime: 9/17/2009 12:58:17 PM (1 hours ago)

Motherboard: Dell Inc. | | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 54.083 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.543 GiB free.
E: is CDROM ()
F: is CDROM ()
Y: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.57
AC3Filter (remove only)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Banctec Service Agreement
Batman: Arkham Asylum
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Butler Advantage XE 6.3
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
Easy Thumbnails (Remove only)
EDocs
EPSON Artisan 800 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ffdshow [rev 1685] [2007-12-06]
FileZilla Client 3.1.0.1
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
Haali Media Splitter
HijackThis 2.0.2
HTC Touch Pro™ User Guide
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 16
KhalSetup
kuler
LightScribe System Software 1.10.16.1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Managed DirectX (1126)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
MozyHome Remote Backup
mPfMgr
Music, Photos & Videos Launcher
mWMI
Nero 8 Essentials
neroxml
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OutlookAddinSetup
PDF Settings CS4
Photoshop Camera Raw
PHP 5.3.0
Picasa 3
Product Documentation Launcher
Prototype(TM)
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SetPoint
Sprint SmartView
Spybot-S&D Distributed Testing Client
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
Synergy
System Requirements Lab
The Lord of the Rings - Conquest™
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
The Rosetta Stone
TotalAudioConverter
Turbine Download Manager - Preview 1.0.3191.15414
VCRedistSetup
Ventrilo Client
VideoLAN VLC media player 0.8.6f
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR

==== End Of File ===========================
 
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
Hi,

I assume that was deleted too. How's the system running now?
 
certstore.dat seems to be reproducing itself

Malwarebytes' Anti-Malware 1.41
Database version: 2819
Windows 6.0.6001 Service Pack 1

9/18/2009 6:59:40 AM
mbam-log-2009-09-18 (06-59-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 304930
Time elapsed: 2 hour(s), 33 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.