Solved What now?

Status
Not open for further replies.
ComboFix 11-05-02.03 - Administrator 02/05/2011 21:22:40.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1815 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\temp
c:\users\Administrator\AppData\Local\temp\FXSAPIDebugLogFile.txt
c:\users\Administrator\AppData\Roaming\SmartPCTools
c:\users\Administrator\AppData\Roaming\SmartPCTools\Registry Repair Wizard\fixlog.ini
c:\users\Administrator\AppData\Roaming\SmartPCTools\Registry Repair Wizard\RegCleanMaster.ini
c:\users\Administrator\AppData\Roaming\SmartPCTools\Registry Repair Wizard\UndoCenter\20110418031828A.cab
c:\users\Default\AppData\Local\temp
c:\users\shahbaz\AppData\Local\temp
c:\windows\$regcmp$
c:\windows\system32\config\systemprofile\AppData\Local\temp
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 20:34 . 2011-05-02 20:36 -------- d-----w- c:\users\Administrator\AppData\Local\Temp
2011-05-02 01:43 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8E8458-7597-40C0-80ED-37CA2B1F0698}\mpengine.dll
2011-04-30 12:44 . 2011-04-30 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-28 21:09 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 21:09 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 21:09 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 21:09 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-27 14:12 . 2011-04-27 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-04-27 13:02 . 2011-04-27 13:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Template
2011-04-27 01:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 01:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 23:31 . 2011-04-26 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\program files\ESET
2011-04-22 01:12 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 22:46 . 2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
2011-04-20 22:42 . 2011-04-20 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-20 01:46 . 2011-04-20 01:46 -------- d-----w- c:\users\shahbaz\AppData\Local\Mozilla
2011-04-19 00:18 . 2011-04-19 00:26 -------- d-----w- c:\users\shahbaz\AppData\Local\ElevatedDiagnostics
2011-04-19 00:16 . 2011-04-19 00:16 -------- d-----w- c:\program files\Microsoft ATS
2011-04-19 00:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-19 00:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 00:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 03:22 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-18 03:22 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-18 03:22 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-18 03:22 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-18 03:22 . 2011-01-20 14:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-18 03:22 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-18 03:22 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2011-04-14 15:46 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88999D78-2F69-4109-9574-2F1CBC1E0D68}\gapaengine.dll
2011-04-14 15:40 . 2011-04-14 15:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 15:36 . 2011-04-14 15:36 -------- d-----w- c:\program files\Common Files\Java
2011-04-13 00:24 . 2011-04-13 00:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\users\shahbaz\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-12 22:58 . 2011-04-27 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 16:23 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-03 19:31 . 2011-04-03 19:31 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 09:29 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-28 21:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 21:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 21:09 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 21:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-12-11 10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-07-31 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:57 . 2011-04-20 01:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ab26ce1d3b121af7df7fc04e ----
.
2011-04-18 03:25 . 2011-03-04 02:02 499 ----a-w- c:\ab26ce1d3b121af7df7fc04e\Windows6.0-KB905866-v48-x86-pkgProperties.txt
2011-04-18 03:25 . 2011-03-04 02:02 447 ----a-w- c:\ab26ce1d3b121af7df7fc04e\Windows6.0-KB905866-v48-x86.xml
2011-04-18 03:25 . 2011-03-04 01:58 2213919 ----a-w- c:\ab26ce1d3b121af7df7fc04e\Windows6.0-KB905866-v48-x86.cab
2011-04-18 03:25 . 2011-03-04 02:02 162986 ----a-w- c:\ab26ce1d3b121af7df7fc04e\WSUSSCAN.cab
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-21 274608]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-01 21:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 06:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R1 MpKsl059d5ba4;MpKsl059d5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76296B95-034E-4BAE-A588-0DE38E2F6B16}\MpKsl059d5ba4.sys [x]
R1 MpKsl0e35e201;MpKsl0e35e201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85744DD-B436-4AB7-8489-4D1A3B7688D7}\MpKsl0e35e201.sys [x]
R1 MpKsl15edd4fa;MpKsl15edd4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA842E7F-5CD8-499D-B1BB-F651C57B27C7}\MpKsl15edd4fa.sys [x]
R1 MpKsl1f027bd5;MpKsl1f027bd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl1f027bd5.sys [x]
R1 MpKsl22aec72c;MpKsl22aec72c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EC21DDF-7B61-4B01-A09A-E26A6FF3C704}\MpKsl22aec72c.sys [x]
R1 MpKsl23a942af;MpKsl23a942af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl23a942af.sys [x]
R1 MpKsl29d4e984;MpKsl29d4e984;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl29d4e984.sys [x]
R1 MpKsl2a36455e;MpKsl2a36455e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl2a36455e.sys [x]
R1 MpKsl34671c43;MpKsl34671c43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAF9E39-A26E-4194-BB06-875C25C84E36}\MpKsl34671c43.sys [x]
R1 MpKsl3a1516e5;MpKsl3a1516e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl3a1516e5.sys [x]
R1 MpKsl4453f55b;MpKsl4453f55b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl4453f55b.sys [x]
R1 MpKsl44854048;MpKsl44854048;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10315178-3E52-4EA6-9F81-502D87DA1D0C}\MpKsl44854048.sys [x]
R1 MpKsl46ed0474;MpKsl46ed0474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl46ed0474.sys [x]
R1 MpKsl4d2e1481;MpKsl4d2e1481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKsl4d2e1481.sys [x]
R1 MpKsl616f29e3;MpKsl616f29e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27231138-BED7-4FE5-A0F1-0BFAEF9B3D56}\MpKsl616f29e3.sys [x]
R1 MpKsl65298408;MpKsl65298408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl65298408.sys [x]
R1 MpKsl665c5764;MpKsl665c5764;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3218C03F-DC73-40E4-BA08-42B2034453B5}\MpKsl665c5764.sys [x]
R1 MpKsl6b835e7f;MpKsl6b835e7f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl6b835e7f.sys [x]
R1 MpKsl6cdd9eac;MpKsl6cdd9eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsl6cdd9eac.sys [x]
R1 MpKsl7249b573;MpKsl7249b573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65337EDC-4DA4-4855-BCF4-B93189FA9039}\MpKsl7249b573.sys [x]
R1 MpKsl76d86933;MpKsl76d86933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKsl76d86933.sys [x]
R1 MpKsl79002210;MpKsl79002210;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl79002210.sys [x]
R1 MpKsl8a07f1d3;MpKsl8a07f1d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390D937C-AA4C-4EF7-ADA3-EE04546D1F9E}\MpKsl8a07f1d3.sys [x]
R1 MpKsl9078bbe0;MpKsl9078bbe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C85C945-F51D-4568-98DB-BB67477F4506}\MpKsl9078bbe0.sys [x]
R1 MpKsl9890e981;MpKsl9890e981;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl9890e981.sys [x]
R1 MpKsl9efac3e3;MpKsl9efac3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl9efac3e3.sys [x]
R1 MpKsla120204d;MpKsla120204d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsla120204d.sys [x]
R1 MpKsla19e334d;MpKsla19e334d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349A63F7-8208-4980-BD37-4D83F8649B29}\MpKsla19e334d.sys [x]
R1 MpKsla4df3f62;MpKsla4df3f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1912C3F-972A-4137-A817-8B464CDA0F7C}\MpKsla4df3f62.sys [x]
R1 MpKslaa083dd1;MpKslaa083dd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKslaa083dd1.sys [x]
R1 MpKslbf9e0f08;MpKslbf9e0f08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKslbf9e0f08.sys [x]
R1 MpKsldcb01bf3;MpKsldcb01bf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E1A6555-A1F4-4FD3-9DFC-052D36C7C23B}\MpKsldcb01bf3.sys [x]
R1 MpKslf3776eca;MpKslf3776eca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AA07AC5-7517-4FF9-BE8D-DB62C1CCAC79}\MpKslf3776eca.sys [x]
R1 MpKslfd10cd6c;MpKslfd10cd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKslfd10cd6c.sys [x]
R1 MpKslfea62f1e;MpKslfea62f1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKslfea62f1e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-31 10:14]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000Core.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000UA.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3345154763-3622116426-816371545-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\igk5pcsv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 21:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-05-02 21:44:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 20:44
ComboFix2.txt 2011-05-02 01:42
ComboFix3.txt 2011-04-30 22:27
.
Pre-Run: 232,981,323,776 bytes free
Post-Run: 232,876,478,464 bytes free
.
- - End Of File - - F7F6F9B41B662876E5599F728557E2B4
 
How is the system running now?

The Combofix log looks good, just two entries to remove. If you still have either of these programs installed, they should be uninstalled and Windows Explorer should be used to remove the program folders:
Sammsoft
DDMSettings (may appear as iSeries Navigator)

=================================
Just 2 more scans to make sure no bad entries remain:
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.com/us/online-scanner#
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Please Uncheck "Remove found threats" (I will remove them, if any, in a program that will also remove related files)
  7. Check "Scan unwanted applications"
  8. Click Scan
  9. Wait for the scan to finish
  10. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  11. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  12. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
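For anyone following this thread on their own machine, the autostart locations ComboFix enumerates above (the Winlogon Userinit value, whose binary ComboFix reported as infected and restored from c:\windows\ERDNT\cache, the HKLM/HKCU Run keys under "Reg Loading Points", and the .job files in c:\windows\Tasks) can also be read with built-in PowerShell before the follow-up scans are run. The script below is an added, read-only example; it is not part of this thread and not code from ComboFix, ESET or HijackThis. The ERDNT backup path is taken from the log, and the helper names Get-Sha256Hex and Show-Binary are my own.

```powershell
# Added example (not from the thread or from ComboFix): read-only cross-check
# of the autostart locations ComboFix enumerates. Run from an elevated prompt.

function Get-Sha256Hex([string]$FilePath) {
    # SHA-256 via .NET so the script also works on PowerShell 2.0 (no Get-FileHash there)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($FilePath)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

function Show-Binary([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { "  $Path  (file not found)"; return }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Caveat: PowerShell 2.0 (the version shipped for Vista) ignores security catalogs,
    # so catalog-signed OS files such as userinit.exe report NotSigned there even when
    # legitimate; on that platform rely on the hash comparison in step 2 instead.
    "  {0}`n    signature: {1}`n    sha256:    {2}" -f $Path, $sig.Status, (Get-Sha256Hex $Path)
}

# 1. Winlogon Userinit: a comma-separated list; anything beyond the system userinit.exe is suspect
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
"Winlogon Userinit = $userinit"
foreach ($entry in ($userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    Show-Binary ([Environment]::ExpandEnvironmentVariables($entry))
}

# 2. Compare the live userinit.exe with the copy ComboFix restored it from (path from the log)
$live   = "$env:windir\system32\userinit.exe"
$backup = "$env:windir\ERDNT\cache\userinit.exe"
if ((Test-Path -LiteralPath $live) -and (Test-Path -LiteralPath $backup)) {
    if ((Get-Sha256Hex $live) -eq (Get-Sha256Hex $backup)) {
        "userinit.exe matches the ComboFix backup copy"
    } else {
        "WARNING: userinit.exe differs from the ComboFix backup copy"
    }
}

# 3. Run keys, the entries ComboFix lists under 'Reg Loading Points'
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    "`n[$key]"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { "  {0} = {1}" -f $_.Name, $_.Value }
    }
}

# 4. Legacy scheduled task files, the 'Scheduled Tasks' folder section of the log
"`nScheduled task files in $env:windir\Tasks:"
Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object { "  {0}  {1}" -f $_.LastWriteTime, $_.Name }
```

The script changes nothing; it only prints what is there, so its output can be compared line by line with the ComboFix sections above. A Userinit value with a second entry, or a Run entry pointing outside Program Files or the Windows directory, is what to look at first.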
 
I can't run the first scanner...




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:53:43, on 04/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Users\Administrator\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-3345154763-3622116426-816371545-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'shahbaz')
O4 - HKUS\S-1-5-21-3345154763-3622116426-816371545-1000\..\Run: [Google Update] "C:\Users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'shahbaz')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7842 bytes
 
Also, one other question: do I still keep ComboFix, Malwarebytes, DDS, TFC etc. on the desktop? I will do until told to do otherwise...
 
Please use the Edit feature if you have a sentence to add. I get an email notice for every one of these replies. The only time you should not use Edit is to insert a log.

Are you referring to the Eset scan? What happens when you try to run it?

I will have you remove the cleaning tools and logs when we finish.

How is the system running now?
 
Sorry about that, the system seems to be running fine... no diverting searches etc.
I get the message that definitions cannot be updated on the Eset scan.
 
Did you enable this after running Combofix: AV: Microsoft Security Essentials

Did you disable it when running the Eset scan?
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=682fb83aff219146a231349a29ade0ac
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-30 02:35:47
# local_time=2011-04-30 03:35:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 174519 40705182 170869 0
# compatibility_mode=5892 16776574 100 95 19847607 141701335 0 0
# compatibility_mode=8192 67108863 100 0 384296 384296 0 0
# scanned=117042
# found=0
# cleaned=0
# scan_time=5514
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=682fb83aff219146a231349a29ade0ac
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-04 10:53:50
# local_time=2011-05-04 11:53:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 95 20223031 142076759 0 0
# compatibility_mode=8192 67108863 100 0 759720 759720 0 0
# scanned=112944
# found=0
# cleaned=0
# scan_time=5572
 
Good job! Online virus scan is clean! Problems resolved. System is clean.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have any more questions.
 