Thread: Need help - infected PC

  1. #11
    Member
    Join Date
    Jul 2008
    Posts
    41

    the rest

    Removing mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0
    Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1
    Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2
    Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3
    Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4
    Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5
    Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6
    Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7
    Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8
    Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9
    Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea
    Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb
    Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec
    Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed
    Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee
    Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef
    Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0
    Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1
    Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2
    Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3
    Found mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4
    Found mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5
    Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
    Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
    Found mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8
    Found mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9
    Found mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa
    Found mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb
    Found mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc
    Found mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd
    Found mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe
    Found mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff
    Found mount point : C:\WINDOWS\Temp\MCE00100\MCE00100
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00100\MCE00100
    Found mount point : C:\WINDOWS\Temp\MCE00101\MCE00101
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00101\MCE00101
    Found mount point : C:\WINDOWS\Temp\MCE00102\MCE00102
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00102\MCE00102
    Found mount point : C:\WINDOWS\Temp\MCE00103\MCE00103
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00103\MCE00103
    Found mount point : C:\WINDOWS\Temp\MCE00104\MCE00104
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00104\MCE00104
    Found mount point : C:\WINDOWS\Temp\MCE00105\MCE00105
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00105\MCE00105
    Found mount point : C:\WINDOWS\Temp\MCE00106\MCE00106
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00106\MCE00106
    Found mount point : C:\WINDOWS\Temp\MCE00107\MCE00107
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00107\MCE00107
    Found mount point : C:\WINDOWS\Temp\MCE00108\MCE00108
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00108\MCE00108
    Found mount point : C:\WINDOWS\Temp\MCE00109\MCE00109
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00109\MCE00109
    Found mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a
    Found mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b
    Found mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c
    Found mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d
    Found mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e
    Found mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f
    Found mount point : C:\WINDOWS\Temp\MCE00110\MCE00110
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00110\MCE00110
    Found mount point : C:\WINDOWS\Temp\MCE00111\MCE00111
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00111\MCE00111
    Found mount point : C:\WINDOWS\Temp\MCE00112\MCE00112
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00112\MCE00112
    Found mount point : C:\WINDOWS\Temp\MCE00113\MCE00113
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00113\MCE00113
    Found mount point : C:\WINDOWS\Temp\MCE00114\MCE00114
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00114\MCE00114
    Found mount point : C:\WINDOWS\Temp\MCE00115\MCE00115
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00115\MCE00115
    Found mount point : C:\WINDOWS\Temp\MCE00116\MCE00116
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00116\MCE00116
    Found mount point : C:\WINDOWS\Temp\MCE00117\MCE00117
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00117\MCE00117
    Found mount point : C:\WINDOWS\Temp\MCE00118\MCE00118
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00118\MCE00118
    Found mount point : C:\WINDOWS\Temp\MCE00119\MCE00119
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00119\MCE00119
    Found mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a
    Found mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b
    Found mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c
    Found mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d
    Found mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e
    Found mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
    Found mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
    Found mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
    Found mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
    Found mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
    Found mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
    Found mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
    Found mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
    Found mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
    Found mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
    Found mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
    Found mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
    Found mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
    Found mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
    Found mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
    Found mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
    Found mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
    Found mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
    Found mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
    Found mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
    Found mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
    Found mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
    Found mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
    Found mount point : C:\WINDOWS\Temp\MCE00136\MCE00136
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00136\MCE00136
    Found mount point : C:\WINDOWS\Temp\MCE00137\MCE00137
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00137\MCE00137
    Found mount point : C:\WINDOWS\Temp\MCE00138\MCE00138
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00138\MCE00138
    Found mount point : C:\WINDOWS\Temp\MCE00139\MCE00139
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00139\MCE00139
    Found mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a
    Found mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b
    Found mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c
    Found mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d
    Found mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e
    Found mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f
    Found mount point : C:\WINDOWS\Temp\MCE00140\MCE00140
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00140\MCE00140
    Found mount point : C:\WINDOWS\Temp\MCE00141\MCE00141
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00141\MCE00141
    Found mount point : C:\WINDOWS\Temp\MCE00142\MCE00142
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00142\MCE00142
    Found mount point : C:\WINDOWS\Temp\MCE00143\MCE00143
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00143\MCE00143
    Found mount point : C:\WINDOWS\Temp\MCE00144\MCE00144
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00144\MCE00144
    Found mount point : C:\WINDOWS\Temp\MCE00145\MCE00145
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00145\MCE00145
    Found mount point : C:\WINDOWS\Temp\MCE00146\MCE00146
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00146\MCE00146
    Found mount point : C:\WINDOWS\Temp\MCE00147\MCE00147
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00147\MCE00147
    Found mount point : C:\WINDOWS\Temp\MCE00148\MCE00148
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00148\MCE00148
    Found mount point : C:\WINDOWS\Temp\MCE00149\MCE00149
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00149\MCE00149
    Found mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a
    Found mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b
    Found mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c
    Found mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d
    Found mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e
    Found mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f
    Found mount point : C:\WINDOWS\Temp\MCE00150\MCE00150
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00150\MCE00150
    Found mount point : C:\WINDOWS\Temp\MCE00151\MCE00151
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00151\MCE00151
    Found mount point : C:\WINDOWS\Temp\MCE00152\MCE00152
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00152\MCE00152
    Found mount point : C:\WINDOWS\Temp\MCE00153\MCE00153
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00153\MCE00153
    Found mount point : C:\WINDOWS\Temp\MCE00154\MCE00154
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00154\MCE00154
    Found mount point : C:\WINDOWS\Temp\MCE00155\MCE00155
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00155\MCE00155
    Found mount point : C:\WINDOWS\Temp\MCE00156\MCE00156
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00156\MCE00156
    Found mount point : C:\WINDOWS\Temp\MCE00157\MCE00157
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00157\MCE00157
    Found mount point : C:\WINDOWS\Temp\MCE00158\MCE00158
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00158\MCE00158
    Found mount point : C:\WINDOWS\Temp\MCE00159\MCE00159
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00159\MCE00159
    Found mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a
    Found mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b
    Found mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c
    Found mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d
    Found mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e
    Found mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f
    Found mount point : C:\WINDOWS\Temp\MCE00160\MCE00160
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00160\MCE00160
    Found mount point : C:\WINDOWS\Temp\MCE00161\MCE00161
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00161\MCE00161
    Found mount point : C:\WINDOWS\Temp\MCE00162\MCE00162
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00162\MCE00162
    Found mount point : C:\WINDOWS\Temp\MCE00163\MCE00163
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00163\MCE00163
    Found mount point : C:\WINDOWS\Temp\MCE00164\MCE00164
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00164\MCE00164
    Found mount point : C:\WINDOWS\Temp\MCE00165\MCE00165
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00165\MCE00165
    Found mount point : C:\WINDOWS\Temp\MCE00166\MCE00166
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00166\MCE00166
    Found mount point : C:\WINDOWS\Temp\MCE00167\MCE00167
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00167\MCE00167
    Found mount point : C:\WINDOWS\Temp\MCE00168\MCE00168
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00168\MCE00168
    Found mount point : C:\WINDOWS\Temp\MCE00169\MCE00169
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00169\MCE00169
    Found mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a
    Found mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b
    Found mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c
    Found mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d
    Found mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e
    Found mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f
    Found mount point : C:\WINDOWS\Temp\MCE00170\MCE00170
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00170\MCE00170
    Found mount point : C:\WINDOWS\Temp\MCE00171\MCE00171
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00171\MCE00171
    Found mount point : C:\WINDOWS\Temp\MCE00172\MCE00172
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00172\MCE00172
    Found mount point : C:\WINDOWS\Temp\MCE00173\MCE00173
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00173\MCE00173
    Found mount point : C:\WINDOWS\Temp\MCE00174\MCE00174
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00174\MCE00174
    Found mount point : C:\WINDOWS\Temp\MCE00175\MCE00175
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00175\MCE00175
    Found mount point : C:\WINDOWS\Temp\MCE00176\MCE00176
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00176\MCE00176
    Found mount point : C:\WINDOWS\Temp\MCE00177\MCE00177
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00177\MCE00177
    Found mount point : C:\WINDOWS\Temp\MCE00178\MCE00178
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00178\MCE00178
    Found mount point : C:\WINDOWS\Temp\MCE00179\MCE00179
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00179\MCE00179
    Found mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a
    Found mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b
    Found mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c
    Found mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d
    Found mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e
    Found mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f
    Found mount point : C:\WINDOWS\Temp\MCE00180\MCE00180
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00180\MCE00180
    Found mount point : C:\WINDOWS\Temp\MCE00181\MCE00181
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00181\MCE00181
    Found mount point : C:\WINDOWS\Temp\MCE00182\MCE00182
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00182\MCE00182
    Found mount point : C:\WINDOWS\Temp\MCE00183\MCE00183
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00183\MCE00183
    Found mount point : C:\WINDOWS\Temp\MCE00184\MCE00184
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00184\MCE00184
    Found mount point : C:\WINDOWS\Temp\MCE00185\MCE00185
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00185\MCE00185
    Found mount point : C:\WINDOWS\Temp\MCE00186\MCE00186
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00186\MCE00186
    Found mount point : C:\WINDOWS\Temp\MCE00187\MCE00187
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00187\MCE00187
    Found mount point : C:\WINDOWS\Temp\MCE00188\MCE00188
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00188\MCE00188
    Found mount point : C:\WINDOWS\Temp\MCE00189\MCE00189
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00189\MCE00189
    Found mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a
    Found mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b
    Found mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c
    Found mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d
    Found mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e
    Found mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f
    Found mount point : C:\WINDOWS\Temp\MCE00190\MCE00190
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00190\MCE00190
    Found mount point : C:\WINDOWS\Temp\MCE00191\MCE00191
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00191\MCE00191
    Found mount point : C:\WINDOWS\Temp\MCE00192\MCE00192
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\MCE00192\MCE00192
    Found mount point : C:\WINDOWS\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86
    Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data
    Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
    Finished!

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu, select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer



    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default Hi again

    Had a couple of issues with Combofix.
    PC guard still running, unable to stop as I can no longer run the program (same error as with IE at start). Also Combofix could not load the system restore.
    On reboot system came up with a RUNDLL error (error loading CTMBHA.DLL invalid access to memory location).

  4. #14
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default Combofix

    ComboFix 09-11-21.03 - Shirley King 22/11/2009 13:19.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT 0:00]
    Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
    AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
    c:\windows\kb913800.exe
    c:\windows\system32\Data

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


    ((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
    .

    2009-11-22 13:05 . 2009-11-22 13:15 -------- d-----w- c:\documents and settings\Shirley King\Application Data\Virgin Broadband
    2009-11-21 13:07 . 2009-11-21 13:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-11-05 23:15 . 2008-11-26 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2009-11-05 23:15 . 2008-08-06 21:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2009-11-05 23:15 . 2008-08-28 13:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
    2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\program files\Raxco
    2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
    2009-11-05 23:12 . 2009-11-05 23:14 -------- d-----w- c:\program files\Virgin Broadband
    2009-11-05 20:04 . 2009-11-22 13:40 3809824 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-11-05 19:46 . 2009-11-22 13:41 96544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-11-05 19:14 . 2009-11-05 23:17 -------- d-----w- c:\documents and settings\Nick Parker\Application Data\Virgin Broadband
    2009-11-05 19:14 . 2009-11-05 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
    2009-11-03 17:17 . 2009-11-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-11-03 17:16 . 2009-11-03 17:34 -------- d-----w- c:\program files\STOPzilla!
    2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\program files\Common Files\iS3
    2009-11-03 17:16 . 2009-11-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-11-03 15:31 . 2009-11-03 15:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2009-11-03 13:03 . 2009-11-21 18:03 0 ----a-w- c:\windows\win32k.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-22 13:38 . 2009-11-05 20:04 52952 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-11-22 13:38 . 2009-11-05 19:46 11048 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-11-05 23:13 . 2006-02-20 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\program files\McAfee
    2009-11-05 20:10 . 2006-02-20 23:32 -------- d-----w- c:\program files\McAfee.com
    2009-11-04 19:47 . 2007-06-30 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-04 19:43 . 2007-06-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-03 17:18 . 2009-11-03 17:18 384 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2009-11-03 15:43 . 2008-08-03 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-22 20:43 . 2008-10-05 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-10-03 16:36 . 2009-10-03 16:34 -------- d-----w- c:\program files\iTunes
    2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\program files\iPod
    2009-10-03 16:34 . 2009-06-20 18:19 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-03 16:27 . 2009-10-03 16:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
    2009-09-11 14:18 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:54 . 2008-08-03 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 . 2008-08-03 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-06 16:11 . 2006-02-25 16:32 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-09-04 21:03 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 07:36 . 2005-08-16 04:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 07:36 . 2005-08-16 04:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-29 07:36 . 2005-08-16 04:18 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-08-28 18:42 . 2009-06-20 18:19 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 18:42 . 2009-06-20 18:19 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-26 08:00 . 2005-08-16 04:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2006-10-10 21:13 . 2006-10-10 21:13 100448 ----a-w- c:\program files\MC
    2007-12-22 15:43 . 2006-02-25 16:53 56 --sh--r- c:\windows\system32\8731209D39.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
    "EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "HostManager"="c:\program files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 50736]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
    "MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Nick Parker\Start Menu\Programs\Startup\
    palmOne Registration.lnk - c:\program files\Palm\register.exe [2006-2-26 2367488]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-20 156784]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
    R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
    S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.ntlworld.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: &Translate English Word
    IE: Backward Links
    IE: Cached Snapshot of Page
    IE: Similar Pages
    IE: Translate Page into English
    FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
    FF - component: c:\program files\Stopzilla!\Toolbar\Extension\components\SiteGuardFF.dll
    FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{6BC5308C-CC79-4EEC-AB32-5AC866EDE457} - (no file)
    BHO-{7C422B5F-0021-4C34-906D-4D1C32B863EA} - (no file)
    BHO-{8F7BA1DE-ED6D-4510-AAA4-5656FF9B4F41} - (no file)
    AddRemove-HijackThis - c:\documents and settings\Shirley King\Desktop\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-22 13:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2760)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Virgin Broadband\PCguard\Fws.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\windows\ehome\RMSvc.exe
    c:\windows\ehome\McrdSvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\dllhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-22 13:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-22 13:48
    ComboFix2.txt 2008-08-03 12:37

    Pre-Run: 99,421,155,328 bytes free
    Post-Run: 99,419,541,504 bytes free

    - - End Of File - - 244C3C1950D50A91ADFCBB58A08385F3

  5. #15
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default dds

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Shirley King at 13:50:42.70 on 22/11/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.485 [GMT 0:00]

    AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\ehome\RMSvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
    C:\Program Files\Common Files\AOL\1183232413\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Shirley King\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = www.ntlworld.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
    BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: RepliGoIEHelperCtl Class: {91de4477-9cdc-4806-9bcb-28a963988e94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: &RepliGo: {81f4066b-f330-4872-8094-3e9fbccec8c1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
    mRun: [HostManager] c:\program files\common files\aol\1183232413\ee\AOLSoftware.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
    IE: &Google Search
    IE: &Translate English Word
    IE: Backward Links
    IE: Cached Snapshot of Page
    IE: Similar Pages
    IE: Translate Page into English
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216545191984
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\shirle~1\applic~1\mozilla\firefox\profiles\8rr57ers.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
    FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
    FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-11-5 179984]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
    R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\virgin broadband\pcguard\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
    S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\virgin broadband\pcguard\RpsSecurityAwareR.exe [2009-5-27 170736]

    =============== Created Last 30 ================

    2009-11-22 13:17 260,608 a------- c:\windows\PEV.exe
    2009-11-22 13:17 161,792 a------- c:\windows\SWREG.exe
    2009-11-22 13:17 98,816 a------- c:\windows\sed.exe
    2009-11-22 13:17 77,312 a------- c:\windows\MBR.exe
    2009-11-22 13:05 <DIR> --d----- c:\docume~1\shirle~1\applic~1\Virgin Broadband
    2009-11-21 13:07 664 a------- c:\windows\system32\d3d9caps.dat
    2009-11-15 17:36 20 a------- c:\windows\system32\SYSTEM
    2009-11-05 23:15 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
    2009-11-05 23:15 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
    2009-11-05 23:15 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
    2009-11-05 23:15 <DIR> --d----- c:\program files\Raxco
    2009-11-05 23:12 <DIR> --d----- c:\program files\Virgin Broadband
    2009-11-05 20:04 3,824,160 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-11-05 20:04 52,952 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-11-05 19:46 98,336 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-11-05 19:46 11,048 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-11-05 19:29 40 a------- c:\windows\system32\????????????????????????????????????g
    2009-11-05 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
    2009-11-03 17:18 384 a------- c:\windows\system32\drivers\kgpcpy.cfg
    2009-11-03 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-11-03 17:16 <DIR> --d----- c:\program files\STOPzilla!
    2009-11-03 17:16 <DIR> --d----- c:\program files\common files\iS3
    2009-11-03 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-11-03 13:03 0 a------- c:\windows\win32k.sys

    ==================== Find3M ====================

    2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-06 16:11 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
    2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
    2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
    2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-08-27 05:18 634,648 a------- c:\windows\system32\dllcache\iexplore.exe
    2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
    2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
    2006-10-10 21:13 100,448 a------- c:\program files\MC
    2007-12-22 15:43 56 ---shr-- c:\windows\system32\8731209D39.sys
    2008-08-03 15:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat

    ============= FINISH: 13:51:17.23 ===============

  6. #16
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    PC guard still running unable to stop as I can no longer run the program (same error as with IE at start).
    Download this file to your desktop.

    1. Copy Inherit.exe to c:\program files\virgin broadband folder, go to that folder and then drag 'n' drop pcguard folder to Inherit file.

    2. Copy Inherit.exe to C:\Program Files folder, go to that folder and drag 'n' drop Internet Explorer folder to Inherit file.

    Are you able to access PCGuard and Internet Explorer now?

    Also Combofix could not load the system restore.
    Does your internet connection work ok? Were you shown any reason why recovery console installation failed?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #17
    Member
    Join Date
    Jul 2008
    Posts
    41

    Thumbs up

    Hi there

    Both internet explorer & PCguard are now working ok.

    The recovery console came up with message about not being able to access/find?? files.

    I can't fully remember the message and sorry but I did not write that one down.
    Have been accessing internet through mozilla today fine on the PC.

    Things seem to be ok now (Excel & word open without errors and can drag & drop items to desktop)

    Thanks

  8. #18
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good to hear that things are improving. However, we still have some stuff left to be done there.


    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    @echo off
    type c:\boot.ini >Log.txt 2>&1
    START Log.txt
    DEL %0

    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

  9. #19
    Member
    Join Date
    Jul 2008
    Posts
    41

    Post Fixes

    Hi there

    ComboFix 08-08-02.01 - Shirley King 2008-08-03 13:32:48.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.560 [GMT 1:00]
    Running from: C:\Documents and Settings\Shirley King\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix.txt
    C:\WINDOWS\system32\beekgsda.ini
    C:\WINDOWS\system32\dfktdnmy.ini
    C:\WINDOWS\system32\eromxmtm.ini
    C:\WINDOWS\system32\fkvgsyuj.ini
    C:\WINDOWS\system32\gvcadr.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\vorkwhyi.ini
    C:\WINDOWS\system32\wnhogmbn.ini
    C:\WINDOWS\system32\xuggbxpf.ini
    C:\WINDOWS\system32\ycxmdtwi.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
    .

    2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Documents and Settings\Shirley King\Application Data\Malwarebytes
    2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 10:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-03 10:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-22 20:25 . 2008-07-22 20:25 43,581 ---hs---- C:\WINDOWS\system32\avhxiyex.ini
    2008-07-22 20:23 . 2008-07-22 20:23 43,521 ---hs---- C:\WINDOWS\system32\culrjhyy.ini
    2008-07-20 16:05 . 2008-07-20 16:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-20 13:48 . 2008-07-20 18:21 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-07-20 13:24 . 2008-07-20 13:24 <DIR> d-------- C:\VundoFix Backups

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-29 19:25 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-07-28 17:44 --------- d-----w C:\Program Files\Java
    2008-07-16 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-16 19:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-06 16:36 --------- d-----w C:\Program Files\McAfee
    2008-06-22 11:37 --------- d-----w C:\Documents and Settings\Nick Parker\Application Data\SiteAdvisor
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-26 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-05-26 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2006-10-10 21:13 100,448 ----a-w C:\Program Files\MC
    2006-08-28 15:09 284 ----a-w C:\Documents and Settings\Nick Parker\Application Data\ViewerApp.dat
    2007-12-22 15:43 56 --sh--r C:\WINDOWS\system32\8731209D39.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51 306688]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 20:31 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47 57344]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42 1159168]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06 71216]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-21 00:31 98304]
    "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 15:17 78960]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 01:08 106496]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 05:00 98304]
    "RepliGo Assistant"="C:\Program Files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 20:19 172032]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 05:37 36904]
    "HostManager"="C:\Program Files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
    "MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

    C:\Documents and Settings\Nick Parker\Start Menu\Programs\Startup\
    palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2006-02-26 20:39:31 2367488]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-02-21 00:31:21 156784]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-03-05 12:03:01 24576]
    Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-10-20 23:23:47 303104]
    Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 15:27:34 471040]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-03-02 20:01:12 151552]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-03-02 20:01:09 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "C:\\Program Files\\Xfire\\Xfire.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2007-06-15 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2007-06-01 C:\WINDOWS\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = www.ntlworld.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Google Search
    O8 -: &Translate English Word
    O8 -: Backward Links
    O8 -: Cached Snapshot of Page
    O8 -: Similar Pages
    O8 -: Translate Page into English


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 13:36:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-03 13:37:28
    ComboFix-quarantined-files.txt 2008-08-03 12:37:23

    Pre-Run: 102,028,103,680 bytes free
    Post-Run: 102,088,867,840 bytes free

    176 --- E O F --- 2008-07-08 22:01:24

  10. #20
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Where did that over a year old ComboFix log come from? Please generate & run the batch file as shown in my previous post. Notepad should open up with totally different output.
