Page 2 of 8 FirstFirst 123456 ... LastLast
Results 11 to 20 of 80

Thread: Numerous Issues Found, Can't Run Spybot or Install Latest HijackThis

  1. #11
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Apologies for the delay. I think from now on, I'll be running these scans exclusively in Safe Mode (unless instructed otherwise, of course). ComboFix took much longer than the 10 minutes it mentioned, and crashed after a reboot- the screen turned into a bunch thin tan bars.

    The good news is that the Recovery Console appears to have been installed successfully, and ComboFix ran just fine in Safe Mode.

    ComboFix Log:
    ----
    ComboFix 10-04-14.04 - Brian 04/15/2010 14:13:55.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1568 [GMT -4:00]
    Running from: c:\documents and settings\Brian\Desktop\Antivirus Antispamware Downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\docume~1\Brian\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Brian\Application Data\ACD Systems\ACDSee\ImageDB.ddf
    c:\documents and settings\Brian\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\windows\system32\tmp.reg
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    -- Previous Run --

    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

    --------

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
    .

    2010-04-15 17:44 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-04-15 17:44 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2010-04-12 02:44 . 2010-04-12 02:44 -------- d-----w- c:\program files\Trend Micro
    2010-04-12 02:38 . 2010-04-12 02:38 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-04-11 17:56 . 2010-04-11 17:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-04-11 17:54 . 2010-04-14 23:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-04-11 06:34 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-11 06:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-02 18:21 . 2010-04-02 18:21 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\ICS
    2010-04-01 18:45 . 2010-04-01 18:45 -------- d-----w- c:\documents and settings\Brian\Application Data\Office Genuine Advantage

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-10 17:48 . 2008-07-08 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-10 17:47 . 2008-07-08 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-10 17:07 . 2008-12-03 18:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-09 10:53 . 2006-06-14 17:52 64862 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-01 16:43 . 2009-04-12 17:53 256 ----a-w- c:\windows\system32\pool.bin
    2010-03-30 09:19 . 2008-05-06 15:48 -------- d-----w- c:\documents and settings\Brian\Application Data\uTorrent
    2010-03-21 17:13 . 2006-06-21 01:11 -------- d-----w- c:\documents and settings\Brian\Application Data\Skype
    2010-03-21 15:30 . 2008-04-30 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
    2010-03-21 15:30 . 2008-04-30 19:14 -------- d-----w- c:\program files\Winamp Remote
    2010-03-21 15:24 . 2009-09-03 21:52 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-03-21 15:24 . 2009-09-03 21:52 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
    2010-03-21 15:02 . 2008-03-26 21:27 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM
    2010-03-11 12:38 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 21:50 . 2007-09-26 21:07 -------- d-----w- c:\program files\Winamp
    2010-03-09 21:49 . 2010-03-09 21:49 -------- d-----w- c:\program files\Winamp WINAMPONLY
    2010-03-09 21:41 . 2010-03-09 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-03-09 21:39 . 2006-06-14 18:15 -------- d-----w- c:\program files\QuickTime
    2010-03-09 21:34 . 2010-03-09 21:34 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-04 16:41 . 2010-01-08 18:08 -------- d-----w- c:\program files\Defraggler
    2010-02-18 19:06 . 2010-02-18 19:06 -------- d-----w- c:\program files\TweetDeck
    2010-02-17 17:03 . 2010-02-17 17:03 -------- d-----w- c:\documents and settings\Brian\Application Data\Yahoo!
    2010-02-17 16:57 . 2009-09-02 03:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-10 05:10 . 2010-02-10 05:10 77916 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-21 23:37 . 2008-05-07 18:11 98184 ----a-w- c:\documents and settings\SPIDERMONKEY\ASPNET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-07 18:44 . 2008-02-07 18:44 27976 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2008-02-07 18:44 . 2008-02-07 18:44 125848 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2008-02-07 18:44 . 2008-02-07 18:44 46408 -c--a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2007-11-09 21:10 . 2007-11-09 21:10 30288 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-11-09 21:10 . 2007-11-09 21:10 79440 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-11-09 21:10 . 2007-11-09 21:10 75344 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-11-09 21:10 . 2007-11-09 21:10 140880 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-11-09 21:10 . 2007-11-09 21:10 42576 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-11-09 21:10 . 2007-11-09 21:10 50768 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-02-07 18:44 . 2008-02-07 18:44 98712 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2007-11-09 21:10 . 2007-11-09 21:10 34384 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2007-11-09 21:11 . 2007-11-09 21:11 685648 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-11-09 21:11 . 2007-11-09 21:11 30288 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2004-08-04 10:00 . 2004-08-11 22:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 . 2004-08-11 22:00 50688 --sh--w- c:\windows\twain_32.dll
    2006-02-17 02:33 . 2006-02-17 02:33 1216 -csh--w- c:\windows\Twunk_16.dll
    2006-02-17 02:33 . 2006-02-17 02:33 1216 -csh--w- c:\windows\Twunk_32.dll
    2006-06-21 01:28 . 2006-06-21 01:28 88 --sh--r- c:\windows\system32\12CD8DF12B.sys
    2006-06-21 00:01 . 2006-06-21 00:01 56 --sh--r- c:\windows\system32\2BF18DCD12.sys
    2006-06-21 01:28 . 2006-06-21 00:01 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-04-14 00:11 . 2004-08-11 22:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 . 2004-08-11 22:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 . 2004-08-11 22:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 . 2004-08-11 22:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 . 2004-08-11 22:00 84992 --sha-w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12 . 2004-08-11 22:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "SlickRun"="c:\program files\SlickRun\sr.exe" [2007-03-21 187392]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update"="c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-10 2010864]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
    "nwiz"="nwiz.exe" [2006-03-22 1519616]
    "NVHotkey"="nvHotkey.dll" [2006-03-22 73728]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
    "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-14 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-3 66864]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-7-29 81920]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-10 16:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GC75-Manager-Class]
    2004-04-08 10:36 766045 ------w- c:\program files\Sony Ericsson\Wireless Manager\GC75Manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2007-07-25 21:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-02-15 23:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-06-14 18:15 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
    c:\windows\system32\smss32.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 66632]
    S2 gupdate1c99460716cd960;Google Update Service (gupdate1c99460716cd960);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 4:10 PM 133104]
    S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/4/2007 12:12 AM 202096]
    S2 MSSQL$DUMAS;MSSQL$DUMAS;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sDUMAS --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sDUMAS [?]
    S2 ReportServer;ReportServer;c:\program files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\bin\ReportingServicesService.exe [11/18/2003 9:24 AM 8192]
    S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [1/5/2004 11:01 AM 1080832]
    S3 HVNEIAM;HVNEIAM;c:\docume~1\Brian\LOCALS~1\Temp\HVNEIAM.exe --> c:\docume~1\Brian\LOCALS~1\Temp\HVNEIAM.exe [?]
    S3 klmd21;klmd21;c:\windows\system32\drivers\klmd.sys --> c:\windows\system32\drivers\klmd.sys [?]
    S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
    S3 PRSUSB;Sony Reader;c:\windows\system32\drivers\PRSUSB.sys [2/26/2007 9:51 PM 18944]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [4/23/2007 11:28 AM 10752]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 12872]
    S3 SQLAgent$DUMAS;SQLAgent$DUMAS;c:\program files\Microsoft SQL Server\MSSQL$DUMAS\binn\sqlagent.exe -i DUMAS --> c:\program files\Microsoft SQL Server\MSSQL$DUMAS\binn\sqlagent.exe -i DUMAS [?]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MDMXSDK
    .
    Contents of the 'Scheduled Tasks' folder

    2007-02-27 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21155692949.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 00:38]

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:10]

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:10]

    2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493193966-4068291066-1826140697-1005Core.job
    - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:26]

    2010-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493193966-4068291066-1826140697-1005UA.job
    - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:26]

    2010-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 16:22]

    2010-04-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 16:22]

    2010-04-15 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://localhost/Procurement/Admin/SiteMap.aspx
    uInternet Settings,ProxyOverride = localhost
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    LSP: VLsp.dll
    Trusted Zone: msspmmapp01
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\p6dqke3h.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - component: c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\p6dqke3h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
    FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-15 14:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
    "ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(272)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1200)
    c:\windows\system32\WININET.dll
    c:\program files\Quick Search Deskbar\DQSDHost.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\program files\Quick Search Deskbar\DQSDTools.dll
    c:\windows\system32\ImgUtil.dll
    c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    .
    Completion time: 2010-04-15 14:37:28
    ComboFix-quarantined-files.txt 2010-04-15 18:37

    Pre-Run: 31,334,236,160 bytes free
    Post-Run: 31,295,283,200 bytes free

    - - End Of File - - F9395A19659548AD3798EF37BA5DB303

    ----
    HijackThis Log:
    ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:47, on 4/15/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/Procurement/Admin/SiteMap.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.msspmmapp01
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199738893296
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate1c99460716cd960) (gupdate1c99460716cd960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: HVNEIAM - Unknown owner - C:\DOCUME~1\Brian\LOCALS~1\Temp\HVNEIAM.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 14459 bytes

  2. #12
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    I am looking over you CF log, there may be more to remove, be back in a bit , in the meantime do this.

    Download: DelDomains and save it to the desktop.
    • Close all open windows and your browser
    • Right Click DelDomains.inf and select > Install
    • Reboot your computer
    Internet Explorer is needed to run this program properly.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Done. I didn't see anything to report...

  4. #14
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    No report with Deldomains, that tool just reset your Internet Explorer Trusted Zone back to Microsoft defaults.

    Do you want this for your homepage, do you know it to be safe ?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/Procurement/Admin/SiteMap.aspx




    Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::


    Code:
    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\smss32.exe
    c:\docume~1\Brian\LOCALS~1\Temp\HVNEIAM.exe
    
    Driver::
    HVNEIAM
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Quote Originally Posted by ken545 View Post
    Do you want this for your homepage, do you know it to be safe ?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/Procurement/Admin/SiteMap.aspx
    Yeah, that should be safe. That's a little code I was messing around with. Also, I use Firefox as my default browser. I rarely use IE, and I know I set that value.

    Also another thing, before I forget, I have Windows Update set up to download and wait for me to give the go ahead to install. Apparently an update downloaded and I see the little yellow shield in the task bar indicating it's ready to go, even when I'm not connected. Once we're done here, do you think that will be safe to run, and is there some way to reset that in case it's been infected? (Or perhaps this is still the malware pretending to be windows update?)

    Wow, this scan is taking forever. Hopefully I'll have those logs for you soon.

  6. #16
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    FYI: ComboFix rebooted in normal mode, and did not crash this time.

    ComboFix Log:
    ----
    ComboFix 10-04-14.04 - Brian 04/15/2010 19:04:03.3.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1604 [GMT -4:00]
    Running from: c:\documents and settings\Brian\Desktop\Antivirus Antispamware Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Brian\Desktop\Antivirus Antispamware Downloads\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\docume~1\Brian\LOCALS~1\Temp\HVNEIAM.exe"
    "c:\windows\system32\drivers\logiflt.iad"
    "c:\windows\system32\drivers\lvuvc.hs"
    "c:\windows\system32\smss32.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_HVNEIAM
    -------\Service_HVNEIAM


    ((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
    .

    2010-04-15 17:44 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-04-15 17:44 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2010-04-12 02:44 . 2010-04-12 02:44 -------- d-----w- c:\program files\Trend Micro
    2010-04-12 02:38 . 2010-04-12 02:38 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-04-11 17:56 . 2010-04-11 17:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-04-11 17:54 . 2010-04-14 23:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-04-11 06:34 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-11 06:34 . 2010-04-11 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-11 06:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-02 18:21 . 2010-04-02 18:21 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\ICS
    2010-04-01 18:45 . 2010-04-01 18:45 -------- d-----w- c:\documents and settings\Brian\Application Data\Office Genuine Advantage

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-10 17:48 . 2008-07-08 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-10 17:47 . 2008-07-08 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-10 17:07 . 2008-12-03 18:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-09 10:53 . 2006-06-14 17:52 64862 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-01 16:43 . 2009-04-12 17:53 256 ----a-w- c:\windows\system32\pool.bin
    2010-03-30 09:19 . 2008-05-06 15:48 -------- d-----w- c:\documents and settings\Brian\Application Data\uTorrent
    2010-03-21 17:13 . 2006-06-21 01:11 -------- d-----w- c:\documents and settings\Brian\Application Data\Skype
    2010-03-21 15:30 . 2008-04-30 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
    2010-03-21 15:30 . 2008-04-30 19:14 -------- d-----w- c:\program files\Winamp Remote
    2010-03-21 15:02 . 2008-03-26 21:27 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM
    2010-03-11 12:38 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 21:50 . 2007-09-26 21:07 -------- d-----w- c:\program files\Winamp
    2010-03-09 21:49 . 2010-03-09 21:49 -------- d-----w- c:\program files\Winamp WINAMPONLY
    2010-03-09 21:41 . 2010-03-09 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-03-09 21:39 . 2006-06-14 18:15 -------- d-----w- c:\program files\QuickTime
    2010-03-09 21:34 . 2010-03-09 21:34 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-04 16:41 . 2010-01-08 18:08 -------- d-----w- c:\program files\Defraggler
    2010-02-18 19:06 . 2010-02-18 19:06 -------- d-----w- c:\program files\TweetDeck
    2010-02-17 17:03 . 2010-02-17 17:03 -------- d-----w- c:\documents and settings\Brian\Application Data\Yahoo!
    2010-02-17 16:57 . 2009-09-02 03:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-10 05:10 . 2010-02-10 05:10 77916 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-21 23:37 . 2008-05-07 18:11 98184 ----a-w- c:\documents and settings\SPIDERMONKEY\ASPNET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-07 18:44 . 2008-02-07 18:44 27976 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2008-02-07 18:44 . 2008-02-07 18:44 125848 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2008-02-07 18:44 . 2008-02-07 18:44 46408 -c--a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2007-11-09 21:10 . 2007-11-09 21:10 30288 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-11-09 21:10 . 2007-11-09 21:10 79440 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-11-09 21:10 . 2007-11-09 21:10 75344 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-11-09 21:10 . 2007-11-09 21:10 140880 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-11-09 21:10 . 2007-11-09 21:10 42576 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-11-09 21:10 . 2007-11-09 21:10 50768 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-02-07 18:44 . 2008-02-07 18:44 98712 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2007-11-09 21:10 . 2007-11-09 21:10 34384 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2007-11-09 21:11 . 2007-11-09 21:11 685648 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-11-09 21:11 . 2007-11-09 21:11 30288 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2004-08-04 10:00 . 2004-08-11 22:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 . 2004-08-11 22:00 50688 --sh--w- c:\windows\twain_32.dll
    2006-02-17 02:33 . 2006-02-17 02:33 1216 -csh--w- c:\windows\Twunk_16.dll
    2006-02-17 02:33 . 2006-02-17 02:33 1216 -csh--w- c:\windows\Twunk_32.dll
    2006-06-21 01:28 . 2006-06-21 01:28 88 --sh--r- c:\windows\system32\12CD8DF12B.sys
    2006-06-21 00:01 . 2006-06-21 00:01 56 --sh--r- c:\windows\system32\2BF18DCD12.sys
    2006-06-21 01:28 . 2006-06-21 00:01 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-04-14 00:11 . 2004-08-11 22:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 . 2004-08-11 22:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 . 2004-08-11 22:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 . 2004-08-11 22:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 . 2004-08-11 22:00 84992 --sha-w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12 . 2004-08-11 22:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "SlickRun"="c:\program files\SlickRun\sr.exe" [2007-03-21 187392]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update"="c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-10 2010864]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
    "nwiz"="nwiz.exe" [2006-03-22 1519616]
    "NVHotkey"="nvHotkey.dll" [2006-03-22 73728]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
    "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-14 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-3 66864]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-7-29 81920]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-10 16:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GC75-Manager-Class]
    2004-04-08 10:36 766045 ------w- c:\program files\Sony Ericsson\Wireless Manager\GC75Manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2007-07-25 21:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-02-15 23:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-06-14 18:15 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 66632]
    R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/4/2007 12:12 AM 202096]
    R2 MSSQL$DUMAS;MSSQL$DUMAS;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sDUMAS --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sDUMAS [?]
    R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 12872]
    S2 gupdate1c99460716cd960;Google Update Service (gupdate1c99460716cd960);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 4:10 PM 133104]
    S2 ReportServer;ReportServer;c:\program files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\bin\ReportingServicesService.exe [11/18/2003 9:24 AM 8192]
    S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [1/5/2004 11:01 AM 1080832]
    S3 klmd21;klmd21;c:\windows\system32\drivers\klmd.sys --> c:\windows\system32\drivers\klmd.sys [?]
    S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
    S3 PRSUSB;Sony Reader;c:\windows\system32\drivers\PRSUSB.sys [2/26/2007 9:51 PM 18944]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [4/23/2007 11:28 AM 10752]
    S3 SQLAgent$DUMAS;SQLAgent$DUMAS;c:\program files\Microsoft SQL Server\MSSQL$DUMAS\binn\sqlagent.exe -i DUMAS --> c:\program files\Microsoft SQL Server\MSSQL$DUMAS\binn\sqlagent.exe -i DUMAS [?]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
    .
    Contents of the 'Scheduled Tasks' folder

    2007-02-27 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21155692949.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 00:38]

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:10]

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:10]

    2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493193966-4068291066-1826140697-1005Core.job
    - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:26]

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493193966-4068291066-1826140697-1005UA.job
    - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:26]

    2010-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 16:22]

    2010-04-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 16:22]

    2010-04-15 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://localhost/Procurement/Admin/SiteMap.aspx
    uInternet Settings,ProxyOverride = localhost
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    LSP: VLsp.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\p6dqke3h.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - component: c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\p6dqke3h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-15 19:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88B52AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f11852
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9e07bb0
    PacketIndicateHandler -> NDIS.sys @ 0xb9df6a0d
    SendHandler -> NDIS.sys @ 0xb9e0ab40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
    "ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(592)
    c:\windows\system32\WININET.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(652)
    c:\windows\system32\WININET.dll
    c:\windows\system32\VLsp.dll
    c:\windows\system32\VNSP.DLL

    - - - - - - - > 'explorer.exe'(9288)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\VLsp.dll
    c:\windows\system32\VNSP.DLL
    c:\program files\Quick Search Deskbar\DQSDHost.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\program files\Quick Search Deskbar\DQSDTools.dll
    c:\windows\system32\ImgUtil.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\IBM\SQLLIB\BIN\db2jds.exe
    c:\program files\IBM\SQLLIB\BIN\db2sec.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\stacsv.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\windows\System32\wltrysvc.exe
    c:\windows\System32\bcmwltry.exe
    c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    c:\windows\system32\rundll32.exe
    c:\windows\stsystra.exe
    c:\windows\system32\Rundll32.exe
    c:\windows\system32\WTClient.exe
    c:\docume~1\Brian\LOCALS~1\Temp\clclean.0001
    c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    c:\windows\system32\WISPTIS.EXE
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    c:\progra~1\mcafee\msc\mcupdmgr.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-15 19:40:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-15 23:40
    ComboFix2.txt 2010-04-15 18:37

    Pre-Run: 31,309,320,192 bytes free
    Post-Run: 28,911,726,592 bytes free

    - - End Of File - - A7842C4011630C4C3D0B0F3EBE486B21

    -----
    HijackThis Log:
    -----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:42:28, on 4/15/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\WTClient.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\SlickRun\sr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\DOCUME~1\Brian\LOCALS~1\Temp\clclean.0001
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\HPZipm12.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/Procurement/Admin/SiteMap.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199738893296
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate1c99460716cd960) (gupdate1c99460716cd960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 18188 bytes

  7. #17
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, lets make sure there is no rootkit installed.

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

        Click the image to enlarge it
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

    Please copy and paste the report into your Post.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #18
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Is there an alternative to this tool? It keeps crashing when I run it in normal mode (even blue-screened once), and the screen is too large for me to see the buttons below the scan button when I run it in safe mode. (Yeah, this laptop has a pretty small screen. Nice for portability, terrible right now.) Or perhaps there's a version of the tool that's sized down for smaller screens? Argh!

  9. #19
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Morning,

    If you look at the end of your Combofix log, I was concerned about possible rootkit activity.

    Run this tool



    Extract the file and run it.

    Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

    Please post the content of that log TDSSKiller
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #20
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Good afternoon,

    Yeah, I was worried I might have some sort of rootkit thing going on too. But try, and try again, I couldn't get GMER to run successfully- I even let it go for something like 3 hours, and by the end of it, my machine was barely responsive, and the GMER window was completely blanked out.

    Here's the contents of the TDSSKiller Log:
    ----

    12:18:54:937 1416 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    12:18:54:937 1416 ================================================================================
    12:18:54:937 1416 SystemInfo:

    12:18:54:937 1416 OS Version: 5.1.2600 ServicePack: 3.0
    12:18:54:937 1416 Product type: Workstation
    12:18:54:937 1416 ComputerName: SPIDERMONKEY
    12:18:54:937 1416 UserName: Brian
    12:18:54:937 1416 Windows directory: C:\WINDOWS
    12:18:54:937 1416 Processor architecture: Intel x86
    12:18:54:937 1416 Number of processors: 2
    12:18:54:937 1416 Page size: 0x1000
    12:18:54:937 1416 Boot type: Safe boot
    12:18:54:937 1416 ================================================================================
    12:18:54:937 1416 UnloadDriverW: NtUnloadDriver error 2
    12:18:54:937 1416 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    12:18:55:031 1416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    12:18:55:031 1416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    12:18:55:031 1416 wfopen_ex: Trying to KLMD file open
    12:18:55:031 1416 wfopen_ex: File opened ok (Flags 2)
    12:18:55:031 1416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    12:18:55:031 1416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    12:18:55:031 1416 wfopen_ex: Trying to KLMD file open
    12:18:55:031 1416 wfopen_ex: File opened ok (Flags 2)
    12:18:55:031 1416 Initialize success
    12:18:55:031 1416
    12:18:55:031 1416 Scanning Services ...
    12:18:58:531 1416 Raw services enum returned 461 services
    12:18:58:546 1416
    12:18:58:562 1416 Scanning Kernel memory ...
    12:18:58:562 1416 Devices to scan: 5
    12:18:58:562 1416
    12:18:58:562 1416 Driver Name: Disk
    12:18:58:562 1416 IRP_MJ_CREATE : F763DBB0
    12:18:58:562 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    12:18:58:562 1416 IRP_MJ_CLOSE : F763DBB0
    12:18:58:562 1416 IRP_MJ_READ : F7637D1F
    12:18:58:562 1416 IRP_MJ_WRITE : F7637D1F
    12:18:58:562 1416 IRP_MJ_QUERY_INFORMATION : 804F9759
    12:18:58:562 1416 IRP_MJ_SET_INFORMATION : 804F9759
    12:18:58:562 1416 IRP_MJ_QUERY_EA : 804F9759
    12:18:58:562 1416 IRP_MJ_SET_EA : 804F9759
    12:18:58:562 1416 IRP_MJ_FLUSH_BUFFERS : F76382E2
    12:18:58:562 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    12:18:58:562 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    12:18:58:562 1416 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    12:18:58:562 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    12:18:58:562 1416 IRP_MJ_DEVICE_CONTROL : F76383BB
    12:18:58:562 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
    12:18:58:562 1416 IRP_MJ_SHUTDOWN : F76382E2
    12:18:58:562 1416 IRP_MJ_LOCK_CONTROL : 804F9759
    12:18:58:562 1416 IRP_MJ_CLEANUP : 804F9759
    12:18:58:562 1416 IRP_MJ_CREATE_MAILSLOT : 804F9759
    12:18:58:562 1416 IRP_MJ_QUERY_SECURITY : 804F9759
    12:18:58:562 1416 IRP_MJ_SET_SECURITY : 804F9759
    12:18:58:562 1416 IRP_MJ_POWER : F7639C82
    12:18:58:562 1416 IRP_MJ_SYSTEM_CONTROL : F763E99E
    12:18:58:562 1416 IRP_MJ_DEVICE_CHANGE : 804F9759
    12:18:58:562 1416 IRP_MJ_QUERY_QUOTA : 804F9759
    12:18:58:562 1416 IRP_MJ_SET_QUOTA : 804F9759
    12:18:58:609 1416 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    12:18:58:609 1416
    12:18:58:609 1416 Driver Name: USBSTOR
    12:18:58:609 1416 IRP_MJ_CREATE : F777C218
    12:18:58:609 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    12:18:58:609 1416 IRP_MJ_CLOSE : F777C218
    12:18:58:609 1416 IRP_MJ_READ : F777C23C
    12:18:58:609 1416 IRP_MJ_WRITE : F777C23C
    12:18:58:609 1416 IRP_MJ_QUERY_INFORMATION : 804F9759
    12:18:58:609 1416 IRP_MJ_SET_INFORMATION : 804F9759
    12:18:58:609 1416 IRP_MJ_QUERY_EA : 804F9759
    12:18:58:609 1416 IRP_MJ_SET_EA : 804F9759
    12:18:58:609 1416 IRP_MJ_FLUSH_BUFFERS : 804F9759
    12:18:58:609 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    12:18:58:609 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    12:18:58:609 1416 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    12:18:58:609 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    12:18:58:609 1416 IRP_MJ_DEVICE_CONTROL : F777C180
    12:18:58:609 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77779E6
    12:18:58:609 1416 IRP_MJ_SHUTDOWN : 804F9759
    12:18:58:609 1416 IRP_MJ_LOCK_CONTROL : 804F9759
    12:18:58:609 1416 IRP_MJ_CLEANUP : 804F9759
    12:18:58:609 1416 IRP_MJ_CREATE_MAILSLOT : 804F9759
    12:18:58:609 1416 IRP_MJ_QUERY_SECURITY : 804F9759
    12:18:58:609 1416 IRP_MJ_SET_SECURITY : 804F9759
    12:18:58:609 1416 IRP_MJ_POWER : F777B5F0
    12:18:58:609 1416 IRP_MJ_SYSTEM_CONTROL : F7779A6E
    12:18:58:609 1416 IRP_MJ_DEVICE_CHANGE : 804F9759
    12:18:58:609 1416 IRP_MJ_QUERY_QUOTA : 804F9759
    12:18:58:609 1416 IRP_MJ_SET_QUOTA : 804F9759
    12:18:58:640 1416 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    12:18:58:640 1416
    12:18:58:640 1416 Driver Name: Disk
    12:18:58:640 1416 IRP_MJ_CREATE : F763DBB0
    12:18:58:640 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    12:18:58:640 1416 IRP_MJ_CLOSE : F763DBB0
    12:18:58:640 1416 IRP_MJ_READ : F7637D1F
    12:18:58:640 1416 IRP_MJ_WRITE : F7637D1F
    12:18:58:640 1416 IRP_MJ_QUERY_INFORMATION : 804F9759
    12:18:58:640 1416 IRP_MJ_SET_INFORMATION : 804F9759
    12:18:58:640 1416 IRP_MJ_QUERY_EA : 804F9759
    12:18:58:640 1416 IRP_MJ_SET_EA : 804F9759
    12:18:58:640 1416 IRP_MJ_FLUSH_BUFFERS : F76382E2
    12:18:58:640 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    12:18:58:640 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    12:18:58:640 1416 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    12:18:58:640 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    12:18:58:640 1416 IRP_MJ_DEVICE_CONTROL : F76383BB
    12:18:58:640 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
    12:18:58:640 1416 IRP_MJ_SHUTDOWN : F76382E2
    12:18:58:640 1416 IRP_MJ_LOCK_CONTROL : 804F9759
    12:18:58:640 1416 IRP_MJ_CLEANUP : 804F9759
    12:18:58:640 1416 IRP_MJ_CREATE_MAILSLOT : 804F9759
    12:18:58:640 1416 IRP_MJ_QUERY_SECURITY : 804F9759
    12:18:58:640 1416 IRP_MJ_SET_SECURITY : 804F9759
    12:18:58:640 1416 IRP_MJ_POWER : F7639C82
    12:18:58:640 1416 IRP_MJ_SYSTEM_CONTROL : F763E99E
    12:18:58:640 1416 IRP_MJ_DEVICE_CHANGE : 804F9759
    12:18:58:640 1416 IRP_MJ_QUERY_QUOTA : 804F9759
    12:18:58:640 1416 IRP_MJ_SET_QUOTA : 804F9759
    12:18:58:656 1416 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    12:18:58:656 1416
    12:18:58:656 1416 Driver Name: Disk
    12:18:58:656 1416 IRP_MJ_CREATE : F763DBB0
    12:18:58:656 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    12:18:58:656 1416 IRP_MJ_CLOSE : F763DBB0
    12:18:58:656 1416 IRP_MJ_READ : F7637D1F
    12:18:58:656 1416 IRP_MJ_WRITE : F7637D1F
    12:18:58:656 1416 IRP_MJ_QUERY_INFORMATION : 804F9759
    12:18:58:656 1416 IRP_MJ_SET_INFORMATION : 804F9759
    12:18:58:656 1416 IRP_MJ_QUERY_EA : 804F9759
    12:18:58:656 1416 IRP_MJ_SET_EA : 804F9759
    12:18:58:656 1416 IRP_MJ_FLUSH_BUFFERS : F76382E2
    12:18:58:656 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    12:18:58:656 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    12:18:58:656 1416 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    12:18:58:656 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    12:18:58:656 1416 IRP_MJ_DEVICE_CONTROL : F76383BB
    12:18:58:656 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
    12:18:58:656 1416 IRP_MJ_SHUTDOWN : F76382E2
    12:18:58:656 1416 IRP_MJ_LOCK_CONTROL : 804F9759
    12:18:58:656 1416 IRP_MJ_CLEANUP : 804F9759
    12:18:58:656 1416 IRP_MJ_CREATE_MAILSLOT : 804F9759
    12:18:58:656 1416 IRP_MJ_QUERY_SECURITY : 804F9759
    12:18:58:656 1416 IRP_MJ_SET_SECURITY : 804F9759
    12:18:58:656 1416 IRP_MJ_POWER : F7639C82
    12:18:58:656 1416 IRP_MJ_SYSTEM_CONTROL : F763E99E
    12:18:58:656 1416 IRP_MJ_DEVICE_CHANGE : 804F9759
    12:18:58:656 1416 IRP_MJ_QUERY_QUOTA : 804F9759
    12:18:58:656 1416 IRP_MJ_SET_QUOTA : 804F9759
    12:18:58:671 1416 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    12:18:58:671 1416
    12:18:58:671 1416 Driver Name: atapi
    12:18:58:671 1416 IRP_MJ_CREATE : F74A46F2
    12:18:58:671 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    12:18:58:671 1416 IRP_MJ_CLOSE : F74A46F2
    12:18:58:671 1416 IRP_MJ_READ : 804F9759
    12:18:58:671 1416 IRP_MJ_WRITE : 804F9759
    12:18:58:671 1416 IRP_MJ_QUERY_INFORMATION : 804F9759
    12:18:58:671 1416 IRP_MJ_SET_INFORMATION : 804F9759
    12:18:58:671 1416 IRP_MJ_QUERY_EA : 804F9759
    12:18:58:671 1416 IRP_MJ_SET_EA : 804F9759
    12:18:58:671 1416 IRP_MJ_FLUSH_BUFFERS : 804F9759
    12:18:58:671 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    12:18:58:671 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    12:18:58:671 1416 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    12:18:58:671 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    12:18:58:671 1416 IRP_MJ_DEVICE_CONTROL : F74A4712
    12:18:58:671 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852
    12:18:58:671 1416 IRP_MJ_SHUTDOWN : 804F9759
    12:18:58:671 1416 IRP_MJ_LOCK_CONTROL : 804F9759
    12:18:58:671 1416 IRP_MJ_CLEANUP : 804F9759
    12:18:58:671 1416 IRP_MJ_CREATE_MAILSLOT : 804F9759
    12:18:58:671 1416 IRP_MJ_QUERY_SECURITY : 804F9759
    12:18:58:671 1416 IRP_MJ_SET_SECURITY : 804F9759
    12:18:58:671 1416 IRP_MJ_POWER : F74A473C
    12:18:58:671 1416 IRP_MJ_SYSTEM_CONTROL : F74AB336
    12:18:58:671 1416 IRP_MJ_DEVICE_CHANGE : 804F9759
    12:18:58:671 1416 IRP_MJ_QUERY_QUOTA : 804F9759
    12:18:58:671 1416 IRP_MJ_SET_QUOTA : 804F9759
    12:18:58:718 1416 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
    12:18:58:718 1416
    12:18:58:718 1416 Completed
    12:18:58:718 1416
    12:18:58:734 1416 Results:
    12:18:58:734 1416 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    12:18:58:734 1416 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    12:18:58:734 1416 File objects infected / cured / cured on reboot: 0 / 0 / 0
    12:18:58:734 1416
    12:18:58:734 1416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    12:18:58:734 1416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    12:18:58:812 1416 KLMD(ARK) unloaded successfully

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •