TR/Spy.Ursnif.1 found in Avira. Need help ASAP.


BillHates

Thread Starter
Joined
Aug 25, 2002
Messages
275
Just did a scan, but this was a hidden-files scan (a scan before the actual scan). It came up that all my important exe files/processes (such as explorer.exe and the exe files for my anti-malware/anti-virus tools) were infected with TR/Spy.Ursnif.1, according to Avira Anti-Virus Free Edition. I aborted the scan because I didn't want to remove anything I shouldn't.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:22 AM, on 4/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\WINDOWS\system32\ezSP_Px.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfgu.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unippm.co.uk/launchpage/UK/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NETGEAR WG511U Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{219E736C-DB38-4F20-94B3-4FE7D1292565}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
 

BillHates

Thread Starter
Joined
Aug 25, 2002
Messages
275
Here's my combofix log...

ComboFix 10-04-19.08 - Administrator 04/20/2010 15:55:30.2.1 - x86
Running from: d:\documents and settings\Administrator\Desktop\ComboFix2.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
d:\documents and settings\Administrator\Application Data\Desktopicon
d:\documents and settings\Administrator\Application Data\Desktopicon\eBay.ico
d:\documents and settings\Administrator\Application Data\Desktopicon\uninst.exe
d:\documents and settings\Administrator\Application Data\inst.exe
d:\documents and settings\Administrator\Local Settings\Application Data\{EF514165-474B-4089-B612-E9A6C5C1A437}
d:\documents and settings\Administrator\Local Settings\Application Data\{EF514165-474B-4089-B612-E9A6C5C1A437}\chrome.manifest
d:\documents and settings\Administrator\Local Settings\Application Data\{EF514165-474B-4089-B612-E9A6C5C1A437}\chrome\content\_cfg.js
d:\documents and settings\Administrator\Local Settings\Application Data\{EF514165-474B-4089-B612-E9A6C5C1A437}\chrome\content\overlay.xul
d:\documents and settings\Administrator\Local Settings\Application Data\{EF514165-474B-4089-B612-E9A6C5C1A437}\install.rdf
d:\recycler\S-1-5-21-1089850864-4006996682-2065273338-1005
d:\recycler\S-1-5-21-343818398-507921405-1957994488-1003
d:\windows\system32\dumphive.exe
d:\windows\system32\Process.exe
d:\windows\system32\SrchSTS.exe
d:\windows\system32\tmp.reg
d:\windows\system32\VCCLSID.exe
d:\windows\system32\WS2Fix.exe

d:\windows\system32\msgsvc.dll . . . is infected!!

d:\windows\system32\calc.exe . . . is infected!!

d:\windows\system32\mmc.exe . . . is infected!!

d:\windows\system32\mstsc.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 22:30 . 2010-04-20 22:31 -------- d-----w- D:\32788R22FWJFW
2010-04-18 19:41 . 2010-04-13 00:29 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-18 16:51 . 2010-03-30 07:46 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 16:49 . 2010-03-30 07:45 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-18 16:49 . 2010-04-18 16:51 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-04-12 23:58 . 2010-04-12 23:58 0 ----a-w- d:\windows\Hxeheyegu.bin
2010-04-12 23:58 . 2010-04-12 23:58 120 ----a-w- d:\windows\Rbebumamumu.dat
2010-04-07 14:00 . 2010-04-07 14:00 -------- d-----w- d:\program files\iPod
2010-04-07 14:00 . 2010-04-07 14:02 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-07 13:51 . 2010-04-07 13:52 -------- d-----w- d:\program files\QuickTime
2010-04-07 13:40 . 2010-04-07 13:40 -------- d-----w- d:\program files\Bonjour
2010-03-31 21:40 . 2010-03-31 21:40 -------- d-----w- d:\documents and settings\Administrator\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 19:23 . 2009-09-24 03:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Soulseek
2010-04-18 19:52 . 2006-06-01 12:41 -------- d-----w- d:\program files\Java
2010-04-18 19:03 . 2006-06-01 12:40 -------- d-----w- d:\program files\Common Files\Java
2010-04-11 13:17 . 2009-02-01 19:00 181096 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pw3m95nh.default\FlashGot.exe
2010-04-07 14:02 . 2010-02-07 19:13 -------- d-----w- d:\program files\iTunes
2010-04-07 14:00 . 2007-11-22 05:57 -------- d-----w- d:\program files\Common Files\Apple
2010-04-07 13:47 . 2006-11-05 03:57 -------- d-----w- d:\program files\Apple Software Update
2010-04-06 23:15 . 2010-03-06 00:21 -------- d-----w- d:\documents and settings\Administrator\Application Data\dvdcss
2010-04-06 23:13 . 2006-06-01 11:51 -------- d-----w- d:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-30 23:35 . 2008-01-31 07:58 -------- d-----w- d:\documents and settings\Administrator\Application Data\Vso
2010-03-30 23:34 . 2008-01-31 07:58 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys
2010-03-30 23:34 . 2008-01-31 07:58 47360 ----a-w- d:\documents and settings\Administrator\Application Data\pcouffin.sys
2010-03-30 23:34 . 2008-01-31 07:58 47360 ----a-w- d:\documents and settings\Administrator\Application Data\pcouffin.sys
2010-03-30 23:34 . 2010-03-12 14:26 -------- d-----w- d:\program files\DVDFab 7
2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-26 04:49 . 2010-04-16 13:11 66048 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pw3m95nh.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
2010-03-21 05:15 . 2010-02-15 06:48 -------- d-----w- d:\program files\Debugging Tools for Windows (x86)
2010-03-13 13:53 . 2006-04-04 06:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-13 13:47 . 2009-08-05 09:44 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-03-07 00:22 . 2010-03-07 00:22 -------- d-----w- d:\program files\Xilisoft
2010-03-06 01:09 . 2009-09-03 09:50 -------- d-----w- d:\program files\Google
2010-03-01 16:05 . 2010-02-15 09:55 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys
2010-02-27 21:19 . 2010-02-27 21:19 -------- d-----w- d:\program files\Aimersoft
2010-02-23 21:44 . 2009-08-08 00:34 -------- d-----w- d:\program files\Microsoft Silverlight
2010-02-22 12:05 . 2010-02-22 12:05 -------- d-----w- d:\program files\Common Files\Windows Live
2010-02-16 20:24 . 2010-02-15 09:55 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2010-02-15 09:25 . 2009-02-28 14:20 0 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- d:\windows\system32\dns-sd.exe
2006-05-06 16:42 . 2006-11-06 02:22 7260160 ----a-w- d:\program files\mozilla firefox\plugins\libvlc.dll
2007-11-22 09:26 . 2007-11-22 09:04 72 --sh--w- d:\windows\S523CC2AB.tmp
2008-08-31 13:09 . 2008-08-31 13:09 56 --sh--r- d:\windows\system32\F8B1240F38.sys
2008-08-31 13:09 . 2008-08-31 13:09 1682 --sha-w- d:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="d:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="d:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511U Smart Wizard.lnk - c:\program files\NETGEAR\WAG511 Configuration Utility\wlancfgu.exe [2006-4-4 503870]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=d:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=d:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=d:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 04:58 47392 ----a-w- d:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2003-06-13 21:48 28672 ----a-w- d:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 17:29 40960 ----a-w- d:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 04:27 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 16:34 81920 ----a-w- d:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-08 00:21 54832 ----a-w- d:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 14:50 2656528 ----a-w- d:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M2SAtualiza]
2008-04-25 04:49 90112 ----a-w- d:\program files\M2S\Instalação M2S\M2SAtualiza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2009-10-13 00:51 692321 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 18:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-08 00:24 71216 ------w- d:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-27 07:36 185896 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- d:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- d:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;d:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2/15/2010 2:55 AM 135336]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/18/2010 9:51 AM 303952]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\windows\system32\DNINDIS5.sys [4/4/2006 12:29 AM 17149]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [4/18/2010 9:49 AM 20824]
R3 wg51und5;NETGEAR WG511U Wireless Network Adapter Service;d:\windows\system32\drivers\wg51und5.sys [4/4/2006 12:29 AM 397152]
S0 ntcdrdrv;ntcdrdrv;d:\windows\system32\DRIVERS\ntcdrdrv.sys --> d:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 2:50 AM 133104]
S3 AWINDIS5;AWINDIS5 Protocol Driver;d:\windows\system32\AWINDIS5.SYS [4/14/2009 9:05 PM 16194]
S3 DCamUSBSony4;Sony Visual Communication Camera;d:\windows\system32\drivers\snyucam4.sys [6/1/2006 3:54 AM 424127]
S3 DCamUSBSonyA4;Sony USB Microphone;d:\windows\system32\drivers\snyuflt4.sys [6/1/2006 3:54 AM 6019]
S3 NUVision;NUVision Video Service;d:\windows\system32\drivers\NUVision.sys [6/27/2006 8:37 PM 135424]
S4 Rdp139pefxa;Rdp139pefxa; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-07 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-04-20 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 09:50]

2010-04-20 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 09:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.unippm.co.uk/launchpage/UK/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
TCP: {219E736C-DB38-4F20-94B3-4FE7D1292565} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pw3m95nh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pw3m95nh.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npmeadax.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-AnyDVD - d:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-avast! - d:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-AVG8_TRAY - d:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-LogitechCommunicationsManager - d:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-MSMSGS - d:\program files\Messenger\msmsgs.exe
MSConfigStartUp-NBKeyScan - d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NoteBurner - d:\program files\NoteBurner\VTBurnerGUI.exe
MSConfigStartUp-Performance Center - d:\program files\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Veoh - d:\program files\Veoh Networks\Veoh\VeohClient.exe
AddRemove-eBay Icon - d:\documents and settings\Administrator\Application Data\Desktopicon\uninst.exe
AddRemove-HijackThis - d:\docume~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:38,bc,0a,91,92,24,4d,38,fb,a6,91,19,21,93,73,22,fe,b0,ba,a8,1d,
6d,33,97,0e,98,a8,ed,a1,70,4b,cd,fd,d1,b7,4a,9d,df,cc,d0,b1,ad,b6,97,32,70,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:38,bc,0a,91,92,24,4d,38,fb,a6,91,19,21,93,73,22,fe,b0,ba,a8,1d,
6d,33,97,0e,98,a8,ed,a1,70,4b,cd,fd,d1,b7,4a,9d,df,cc,d0,b1,ad,b6,97,32,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4292)
d:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\program files\CyberLink\Shared files\RichVideo.exe
d:\program files\Viewpoint\Common\ViewpointService.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-20 16:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 23:52

Pre-Run: 11,401,095,680 bytes free
Post-Run: 13,851,741,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - A9E0653463A54D3B724A312E0F8855B6
 

 