Hi

Rebooted in safe mode with networking and ComboFix started. Txt file below:

ComboFix 11-08-15.07 - Shirley King 15/08/2011 22:21:23.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.791 [GMT 1:00]
Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *Enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Shirley King\Application Data\Adobe\plugs
c:\documents and settings\Shirley King\Application Data\Adobe\shed
c:\documents and settings\Shirley King\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Shirley King\Application Data\PriceGong
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Shirley King\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Shirley King\WINDOWS
c:\windows\$NtUninstallKB1802$
c:\windows\$NtUninstallKB1802$\1603512166\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB1802$\1603512166\click.tlb
c:\windows\$NtUninstallKB1802$\1603512166\L\pdmzmplg
c:\windows\$NtUninstallKB1802$\1603512166\loader.tlb
c:\windows\$NtUninstallKB1802$\1603512166\U\@00000001
c:\windows\$NtUninstallKB1802$\1603512166\U\@000000c0
c:\windows\$NtUninstallKB1802$\1603512166\U\@000000cb
c:\windows\$NtUninstallKB1802$\1603512166\U\@000000cf
c:\windows\$NtUninstallKB1802$\1603512166\U\@80000000
c:\windows\$NtUninstallKB1802$\1603512166\U\@800000c0
c:\windows\$NtUninstallKB1802$\1603512166\U\@800000cb
c:\windows\$NtUninstallKB1802$\1603512166\U\@800000cf
c:\windows\$NtUninstallKB1802$\1896645999
c:\windows\system32\c_16845.nls
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\system
c:\windows\system32\Thumbs.db
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 17:30 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-14 18:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-14 18:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-02 20:14 . 2011-08-02 20:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-02 19:55 . 2011-08-02 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-31 09:51 . 2011-07-31 09:51 -------- d-----w- c:\program files\ERUNT
2011-07-28 20:27 . 2011-07-28 20:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-28 20:17 . 2011-07-28 20:17 -------- d-----w- c:\documents and settings\Shirley King\Local Settings\Application Data\Threat Expert
2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\program files\IObit
2011-07-28 19:29 . 2011-04-27 14:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-28 19:29 . 2011-04-27 14:36 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-28 19:29 . 2011-04-27 14:37 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-07-28 19:29 . 2011-04-27 14:37 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Spyware Doctor
2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-20 08:56 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-20 08:56 . 2011-02-18 17:38 39984 ----a-r- c:\windows\system32\drivers\vmwvusb.sys
2011-07-20 08:55 . 2011-07-20 08:55 -------- d-----w- c:\program files\Common Files\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-28 19:04 . 2009-11-05 23:15 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-07-28 19:03 . 2009-11-05 23:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-07-15 13:29 . 2006-02-20 23:01 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-08-16 04:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2008-08-03 09:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 18:52 . 2008-08-03 09:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2005-08-16 04:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-08-16 04:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-08-16 04:18 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-08-16 04:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2005-08-16 04:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-11-22 15:34 . 2009-11-22 15:37 85504 ----a-w- c:\program files\Inherit.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{15054241-49B4-4FA6-B4C7-A0071F118110}"
[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Backup & Storage"="c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe" [2011-04-04 12273328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-03-16 300992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-04-27 247760]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Shirley King\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-21 156784]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [20/06/2010 11:10 25608]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [28/07/2011 20:03 5832712]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [20/06/2010 11:10 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [20/06/2010 11:10 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [20/06/2010 11:10 25736]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [20/07/2011 09:56 39984]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe --> c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [?]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
S2 DolphinInterceptorStartup;Dolphin Utility Service;c:\windows\system32\dolserve.exe --> c:\windows\system32\dolserve.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
S2 ServicepointService;ServicepointService;"c:\program files\Virgin Media\Service Manager\ServicepointService.exe" --> c:\program files\Virgin Media\Service Manager\ServicepointService.exe [?]
S2 wsnm;VMware View Client;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
S2 wsnm_usbctrl;VMware View USB Control;"c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - (no file)
HKCU-Run-V Stuff Backup - c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
AddRemove-AVS4YOU Video Converter 6_is1 - c:\my downloads\AVSVideoConverter6\unins000.exe
AddRemove-MovieJoiner - c:\documents and settings\Nick Parker\My Documents\Palm T3\Power One\Movie Joiner\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 22:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\WININET.dll
c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
.
**************************************************************************
.
Completion time: 2011-08-15 22:41:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-15 21:41
.
Pre-Run: 108,939,718,656 bytes free
Post-Run: 108,104,904,704 bytes free
.
- - End Of File - - 1F021F99CCA1828263A40DA708D6BC99

Still not able to run Malwarebytes, Spybot or Virgin Media Security.