Google search redirect

VirusTotal results

File nvata.sys.bad received on 2010.01.16 16:18:25 (UTC)
Current status: finished
Result: 22/41 (53.66%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 Rootkit.Win32.TDSS!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 Win32:Alureon-EU
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.16 -
Comodo 3604 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 BackDoor.Tdss.1866
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.16 Rootkit:W32/TDSS.gen!D
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 Win32:Alureon-EU
Ikarus T3.1.1.80.0 2010.01.16 Rootkit.Win32.TDSS
Jiangmin 13.0.900 2010.01.16 Rootkit.TDSS.cza
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 Rootkit.Win32.TDSS.y
McAfee 5862 2010.01.15 Patched-SYSFile.a
McAfee+Artemis 5862 2010.01.15 Patched-SYSFile.a
McAfee-GW-Edition 6.8.5 2010.01.16 Heuristic.LooksLike.Trojan.Patched.H
Microsoft 1.5302 2010.01.16 Virus:Win32/Alureon.F
NOD32 4777 2010.01.16 Win32/Olmarik.SJ
Norman 6.04.03 2010.01.16 W32/tdss.drv.gen6
nProtect 2009.1.8.0 2010.01.16 Trojan/W32.Rootkit.105472.E
Panda 10.0.2.2 2010.01.16 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 Medium Risk Malware
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 Mal/TDSS-G
Sunbelt 3.2.1858.2 2010.01.16 Rootkit.Win32.TDSS.y (v)
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 Cryp_TIDIES-12
VBA32 3.12.12.1 2010.01.15 Rootkit.Win32.TDSL
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 Rootkit.Alureon.Gen!Pac.7
Additional information
File size: 105472 bytes
MD5...: 7322b3dcdfa56be7ed8cddf4166dad81
SHA1..: a3bccc8f5c2137a669f99306d1777709c6e7aa42
SHA256: 929580f8265607a82808d7c1d20739dbf58394c818ddbff2289b0c0d00965a91
ssdeep: 3072:SqlyIVXX9/IwkLw9EegML593uvaRmGrz5XCRRL4TgrK0mDn:1lyIVXX9/zQtML593uvaRmOzERN4cO
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17ea4
timedatestamp.....: 0x4536c767 (Thu Oct 19 00:31:35 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x166a4 0x16700 6.53 7609cea76aff4e1323b77552a74e8f55
.rdata 0x16a00 0x2d0 0x300 4.73 ad702daf36d333c9881c6b0529bc4c8c
.data 0x16d00 0xe4 0x100 1.39 03777d4a5d848a87e39eed778ab5ab31
PAGE 0x16e00 0x1b5 0x200 5.15 c42a76ad3d96bae2ea83574fe9f0ac73
INIT 0x17000 0xe6c 0xe80 5.51 962f171801bd386e2b615cc852aca21f
.rsrc 0x17e80 0x11a0 0x1200 6.99 afc1d03abf1f54deedcad84872016e6a
.reloc 0x19080 0xb5c 0xb80 6.11 9259932cc8e6201250797f742cb5d3fa

( 3 imports )
> ntoskrnl.exe: IoAcquireRemoveLockEx, PoCallDriver, PoStartNextPowerIrp, ObfReferenceObject, RtlCopyUnicodeString, READ_REGISTER_USHORT, READ_REGISTER_UCHAR, WRITE_REGISTER_UCHAR, WRITE_REGISTER_USHORT, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, KeInsertQueueDpc, KeSynchronizeExecution, MmUnmapIoSpace, MmMapIoSpace, IoFreeMdl, IoGetDeviceProperty, ZwClose, ZwQueryValueKey, ZwOpenKey, RtlInitUnicodeString, strncmp, IoBuildDeviceIoControlRequest, KeDelayExecutionThread, ZwSetValueKey, ZwCreateKey, IoOpenDeviceRegistryKey, ExAllocatePoolWithTagPriority, IoWMIRegistrationControl, IoDisconnectInterrupt, PoSetPowerState, IoReleaseRemoveLockAndWaitEx, KeBugCheckEx, KeSetEvent, sprintf, IoConnectInterrupt, IoGetDmaAdapter, KeInitializeDpc, IoIsWdmVersionAvailable, IoQueueWorkItem, IoAllocateWorkItem, ExInterlockedPopEntrySList, RtlFreeAnsiString, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoReleaseRemoveLockEx, IoAllocateIrp, MmUnlockPages, IoFreeWorkItem, IoReleaseCancelSpinLock, MmProbeAndLockPages, IoAllocateMdl, MmMapLockedPagesSpecifyCache, IoInvalidateDeviceRelations, ExInitializeNPagedLookasideList, IoInitializeTimer, RtlFindMostSignificantBit, RtlFindLeastSignificantBit, ExDeleteNPagedLookasideList, IoStopTimer, IoInvalidateDeviceState, wcscpy, PoRegisterDeviceForIdleDetection, IoStartTimer, MmBuildMdlForNonPagedPool, Mm64BitPhysicalAddress, IoAcquireCancelSpinLock, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeInitializeDeviceQueue, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlClearAllBits, RtlInitializeBitMap, RtlFindClearBitsAndSet, RtlClearBits, PsTerminateSystemThread, KeClearEvent, ObReferenceObjectByHandle, PsCreateSystemThread, KeSetTimer, KeQuerySystemTime, KeCancelTimer, KeInitializeTimer, _except_handler3, PoRequestPowerIrp, IofCompleteRequest, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlIntegerToUnicodeString, 
RtlAppendUnicodeStringToString, IoCreateDevice, IoAttachDeviceToDeviceStack, IoDeleteDevice, IoInitializeRemoveLockEx, IoGetConfigurationInformation, IoCreateSymbolicLink, KeInitializeEvent, IoGetAttachedDeviceReference, IoBuildSynchronousFsdRequest, IofCallDriver, KeWaitForSingleObject, ObfDereferenceObject, IoDeleteSymbolicLink, IoDetachDevice, KeInitializeSpinLock, ExFreePoolWithTag, IoFreeIrp, ExInterlockedPushEntrySList
> HAL.dll: KeStallExecutionProcessor, ExAcquireFastMutex, KeQueryPerformanceCounter, KeGetCurrentIrql, KeFlushWriteBuffer, KeRaiseIrqlToDpcLevel, KfAcquireSpinLock, KfReleaseSpinLock, KfRaiseIrql, KfLowerIrql, ExReleaseFastMutex, READ_PORT_ULONG, WRITE_PORT_ULONG, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_BUFFER_UCHAR, READ_PORT_BUFFER_USHORT, READ_PORT_BUFFER_UCHAR, WRITE_PORT_UCHAR, READ_PORT_UCHAR, READ_PORT_USHORT
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=461CCA490079A2019C05011464174000F85265CF
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 
Good.

Click Start -> Run, type cmd.exe and press Enter. Type this command in the command prompt window ("1 file(s) copied." should be the message you get as output):
Code:
copy C:\drivers\storage\R149470\nvata.sys C:\WINDOWS\system32\drivers\nvata.sys.bak


When done, please start the system in the Recovery Console and run the following command there:
Code:
copy C:\WINDOWS\system32\drivers\nvata.sys.bak C:\WINDOWS\system32\drivers\nvata.sys

Reboot back into normal mode and run ComboFix. Post back its report.
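As an added example (not from this thread, nor from ComboFix or VirusTotal), the script below computes the per-section MD5 and entropy that VirusTotal's "( 7 sections )" table reports, so the nvata.sys you restore from the backup can be compared section by section against the infected sample instead of relying on the file size, which is 105472 bytes for both. The section hashes are copied from the VT report above; the tiny PE built in build_sample_pe() is constructed for the demo, and report_file() takes whatever driver path you want to check.

```python
"""Per-section MD5 / entropy for a PE file, in the layout of VirusTotal's
section table (viradd, virsiz, rawdsiz, ntrpy, md5). Added example for this
thread; the only page-derived values are the infected section hashes below."""
import hashlib
import math
import struct

# Section MD5s of the infected nvata.sys.bad, copied from the VT report above.
VT_INFECTED_SECTIONS = {
    ".text": "7609cea76aff4e1323b77552a74e8f55",
    ".rdata": "ad702daf36d333c9881c6b0529bc4c8c",
    ".data": "03777d4a5d848a87e39eed778ab5ab31",
    "PAGE": "c42a76ad3d96bae2ea83574fe9f0ac73",
    "INIT": "962f171801bd386e2b615cc852aca21f",
    ".rsrc": "afc1d03abf1f54deedcad84872016e6a",
    ".reloc": "9259932cc8e6201250797f742cb5d3fa",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) .. 8.0 (uniform); VT's 'ntrpy' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, virtual_addr, virtual_size, raw_size, raw_bytes) per section."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    sec_table = coff + 20 + opt_size
    for i in range(nsections):
        # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        raw_name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, sec_table + 40 * i)
        if rawptr + rawsize > len(image):
            raise ValueError(f"section {i} raw data runs past end of file")
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        yield name, vaddr, vsize, rawsize, image[rawptr:rawptr + rawsize]


def section_report(image: bytes) -> dict:
    """Map section name -> VT-style row plus whether its MD5 equals the infected sample's."""
    report = {}
    for name, vaddr, vsize, rawsize, raw in pe_sections(image):
        md5 = hashlib.md5(raw).hexdigest()
        report[name] = {
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2), "md5": md5,
            "matches_infected": VT_INFECTED_SECTIONS.get(name) == md5,
        }
    return report


def report_file(path: str) -> dict:
    """Run section_report() on a driver on disk (e.g. the restored nvata.sys)."""
    with open(path, "rb") as fh:
        return section_report(fh.read())


def build_sample_pe(text: bytes, data: bytes) -> bytes:
    """Constructed minimal PE for the demo: DOS header, COFF header with no optional
    header, two sections (.text at 0x200, .data at 0x400). Each blob must be <= 0x200 bytes."""
    image = bytearray(0x600)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)               # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", image, 0x44, 0x14C, 2, 0x4536C767, 0, 0, 0, 0x0102)
    for i, (name, blob, raw_off) in enumerate([(b".text", text, 0x200), (b".data", data, 0x400)]):
        struct.pack_into("<8sIIIIIIHHI", image, 0x58 + 40 * i,
                         name, len(blob), 0x1000 * (i + 1), len(blob), raw_off,
                         0, 0, 0, 0, 0x60000020)
        image[raw_off:raw_off + len(blob)] = blob
    return bytes(image)


if __name__ == "__main__":
    demo = build_sample_pe(b"\x55\x8b\xec" * 40, b"\0" * 64)
    for name, row in section_report(demo).items():
        print(f"{name:<8} {row['viradd']:#x} {row['virsiz']:#x} {row['rawdsiz']:#x} "
              f"{row['ntrpy']:.2f} {row['md5']} infected={row['matches_infected']}")
```

A section whose MD5 still matches the VT table after the restore means the "clean" copy is the same patched code; a low-entropy .text (the infected sample reports 6.53) would likewise be worth a second look.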
 
Ok, I just keep getting all kinds of fun stuff popping up this morning.

ComboFix is letting me know an update is available. I didn't want to mess up any of the work already done. Should I update or continue using the version I've been using?
 
I updated per your instructions, but when the program began running it said my Avast was still running. I had disabled it prior to starting ComboFix and installing the update.

I double checked to make sure and it was still disabled. I had no choice but to click 'OK' and then the program continued running, but with a message saying it would be at my own risk since Avast was still active.

Shall I post the results anyways or should I try running it again after this scan is done?
 
ComboFix.txt

Here it is anyway. Figured it wouldn't hurt to post even if I had to rerun it.

ComboFix 10-01-15.05 - Gabe & Jessica 01/16/2010 8:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.450 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 09:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-16 09:04:30
ComboFix-quarantined-files.txt 2010-01-16 17:04
ComboFix2.txt 2010-01-15 17:25

Pre-Run: 53,594,832,896 bytes free
Post-Run: 53,561,413,632 bytes free

- - End Of File - - 9727569246E62056FA6666973B936535
 
Good. Time to continue forward :)

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?t=54691&page=3
Collect::
c:\windows\system32\drivers\nvata.sys.bad


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Have your internet connection enabled.
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any issues left?
 
Kas

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 16, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 16, 2010 18:37:11
Records in database: 3320251
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 92036
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:40:09


File name / Threat / Threats count
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir Infected: Trojan.Win32.Vilsel.qte 1
C:\WINDOWS\system32\drivers\nvata.sys.bad Infected: Rootkit.Win32.TDSS.y 1
I:\Downloads\Firefox\UltraVNC_105_Setup_W32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1

Selected area has been scanned.
 
DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 13:56:37.73 on Sat 01/16/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.607 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gabe & Jessica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\gabe & jessica\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-01-16 18:00:55 0 d-----w- c:\windows\system32\Adobe
2010-01-16 18:00:37 0 d-----w- c:\docume~1\gabe&j~1\applic~1\SumatraPDF
2010-01-16 18:00:35 0 d-----w- c:\program files\SumatraPDF
2010-01-16 17:40:43 0 d-----w- C:\ComboFix
2010-01-16 16:33:36 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bak
2010-01-16 16:33:36 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 17:06:34 0 d-sha-r- C:\cmdcons
2010-01-15 17:05:11 98816 ----a-w- c:\windows\sed.exe
2010-01-15 17:05:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-15 17:05:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-15 17:05:11 161792 ----a-w- c:\windows\SWREG.exe
2010-01-15 01:18:25 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-15 17:54:48 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 13:59:06.56 ===============
 
ComboFix.txt

ComboFix 10-01-16.01 - Gabe & Jessica 01/16/2010 9:41.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.433 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-01-16 16:49 . 2010-01-16 16:49 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-16 09:47:13
ComboFix-quarantined-files.txt 2010-01-16 17:47
ComboFix2.txt 2010-01-16 17:04
ComboFix3.txt 2010-01-15 17:25

Pre-Run: 53,564,198,912 bytes free
Post-Run: 53,550,936,064 bytes free

- - End Of File - - B65463484CA65CE622E0F4DA131D9BC0
 
Links

Hello,

All search results seem to be working properly now. I did 3 or 4 queries and clicked multiple links for each one, and they all went to the correct destination.
 
Hi,

It seems you didn't run ComboFix with the cfscript.txt as instructed. Please run again with that script.
 
ComboFix.txt

ComboFix 10-01-16.04 - Gabe & Jessica 01/17/2010 8:49.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.501 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\SumatraPDF
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\program files\SumatraPDF
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 22:07 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-16 17:55 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_804.dat
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
+ 2010-01-16 18:01 . 2010-01-16 18:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-30 01:48 . 2009-06-12 03:47 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 18:00 . 2010-01-16 18:00 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 307200 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000002\UsrClass.dat
+ 2010-01-17 16:45 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-17-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 10072064 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000001\NTUSER.DAT
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 08:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 08:56:35
ComboFix-quarantined-files.txt 2010-01-17 16:56
ComboFix2.txt 2010-01-16 17:47
ComboFix3.txt 2010-01-16 17:04
ComboFix4.txt 2010-01-15 17:25

Pre-Run: 53,726,277,632 bytes free
Post-Run: 53,786,816,512 bytes free

- - End Of File - - 705639F476814792352F29D07A9F34EB
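An added example, not part of this thread and not ComboFix's own code: a small Python triage script for ComboFix file-list lines of the kind shown in the logs above. It parses each `<timestamp> . <timestamp> <size> <attrs> <path>` line, lists every file under system32\drivers (a boot-start driver is where a TDSS/Alureon-style patched driver lives, which is what nvata.sys turned out to be here), and pairs a renamed `.bad` copy with its replacement when both are listed with the same size, as nvata.sys and nvata.sys.bad are in this log. The sample lines are copied from the log above; the `.bad` suffix and the driver-directory rule are assumptions made for the example, and which of the two timestamps is creation and which is last-write is deliberately left uninterpreted.

```python
import re
from collections import namedtuple

# One ComboFix file-list line:  <timestamp A> . <timestamp B> <size|--------> <attrs> <path>
# (Which timestamp is creation and which is last-write is not assumed here.)
LINE_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<ts_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)

Entry = namedtuple("Entry", "ts_a ts_b size attrs path")

# Assumption for this example: the directory that holds kernel drivers on the
# XP box in the thread. A boot-start driver here is the classic home of a
# TDSS/Alureon-style patched driver.
DRIVER_DIR = "\\windows\\system32\\drivers\\"

# Constructed sample: a handful of lines in the format of the ComboFix log above.
SAMPLE_LOG = r"""
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
.
scan completed successfully
"""


def parse_line(line):
    """Return an Entry for one file-list line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw_size = m.group("size")
    size = None if raw_size.startswith("-") else int(raw_size)   # '--------' = directory
    return Entry(m.group("ts_a"), m.group("ts_b"), size,
                 m.group("attrs"), m.group("path").lower())


def parse_log(text):
    """All parseable entries in a ComboFix log, in log order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def driver_files(entries):
    """Paths of files (not directories) that live in the kernel driver directory."""
    return sorted(e.path for e in entries
                  if e.size is not None and DRIVER_DIR in e.path)


def renamed_twins(entries, suffix=".bad"):
    """Pair '<file><suffix>' with '<file>' when both are listed with the same size.

    Equal size is what an in-place patch leaves behind (code overwritten, not
    appended), so a matching size is a reason to diff the bytes, never a reason
    to trust the replacement.
    """
    by_path = {e.path: e for e in entries if e.size is not None}
    pairs = []
    for path, bad in by_path.items():
        if not path.endswith(suffix):
            continue
        orig = by_path.get(path[:-len(suffix)])
        if orig is not None and orig.size == bad.size:
            pairs.append((orig.path, bad.path, orig.size))
    return sorted(pairs)


def triage(text):
    """Summary a helper would glance at before asking for more logs."""
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "drivers": driver_files(entries),
        "same_size_twins": renamed_twins(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on a whole saved ComboFix.txt by passing the file's contents to triage(). The same-size pairing is only a pointer: the file that was replaced and the file that replaced it still have to be hashed and compared byte for byte, because a patched driver keeps its original size and its original build timestamp.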
 
Hi,

Did you create the script file and drag'n'drop it onto ComboFix like this? The output indicates that ComboFix was run normally by just double-clicking the icon.

Here is how I wanted it to be done:

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?t=54691&page=3
Collect::
c:\windows\system32\drivers\nvata.sys.bad


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[image: CFScriptB-4.gif]


Close all browser windows and, referring to the picture above, drag CFScript onto ComboFix.exe. Have your internet connection enabled.
Then post the resultant log.

If you did it that way then please move ComboFix.exe to c:\ and try drag'n'drop the script file again.
 
ComboFix.txt

Hi,

Both previous logs were run from the desktop; here is the one after moving ComboFix to C:

ComboFix 10-01-16.04 - Gabe & Jessica 01/17/2010 9:07.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.549 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\SumatraPDF
2010-01-16 18:00 . 2010-01-16 18:00 -------- d-----w- c:\program files\SumatraPDF
2010-01-16 16:33 . 2007-02-26 02:25 105472 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-15 17:02 . 2010-01-17 16:47 3827754 ----a-r- C:\ComboFix.exe
2010-01-15 01:18 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 22:07 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-16 17:55 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2010-01-15 17:54 . 2007-06-25 13:50 105472 ----a-w- c:\windows\system32\drivers\nvata.sys.bad
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_17.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_804.dat
+ 2010-01-16 17:58 . 2010-01-16 17:58 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
- 2008-06-19 02:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-06-19 02:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2009-11-02 14:38 71732 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-01-16 16:54 71732 c:\windows\system32\perfc009.dat
+ 2010-01-16 18:01 . 2010-01-16 18:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-30 01:48 . 2009-06-12 03:47 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-28 13:17 . 2010-01-15 16:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 18:00 . 2010-01-16 18:00 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2004-08-10 17:51 . 2010-01-16 16:54 442466 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-11-02 14:38 442466 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-28 13:17 . 2010-01-16 16:16 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 307200 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000002\UsrClass.dat
+ 2010-01-17 16:45 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-17-2010\ERDNT.EXE
+ 2010-01-16 11:17 . 2010-01-16 11:17 307200 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000002\UsrClass.dat
+ 2010-01-16 11:17 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\1-16-2010\ERDNT.EXE
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-17 16:45 . 2010-01-17 16:45 10072064 c:\windows\ERDNT\AutoBackup\1-17-2010\Users\00000001\NTUSER.DAT
+ 2010-01-16 11:17 . 2010-01-16 11:17 10072064 c:\windows\ERDNT\AutoBackup\1-16-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 09:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 09:13:23
ComboFix-quarantined-files.txt 2010-01-17 17:13
ComboFix2.txt 2010-01-17 16:56
ComboFix3.txt 2010-01-16 17:47
ComboFix4.txt 2010-01-16 17:04
ComboFix5.txt 2010-01-17 17:06

Pre-Run: 53,795,762,176 bytes free
Post-Run: 53,782,544,384 bytes free

- - End Of File - - A91383069285F0F3CCFE061419F77E50
 
ComboFix.txt

Sorry I didn't mention above; yes I created and used the drag'n'drop file as you instructed.